Q DialoQ

Privacy policy

How we handle the small amount of data we collect from readers.

Last updated: 16 April 2026

Who this policy applies to

This privacy notice covers dialoq.biz (the "site") and the editorial operations of DialoQ Editorial, a review publication based in Colombo. It applies to every visitor who reaches the site, whether they contact us through the tips form, subscribe to our newsletter, or simply read an article. We are committed to honouring the principles set out in the Sri Lanka Personal Data Protection Act No. 9 of 2022, and to handling any personal information we receive with care, discretion and restraint.

What we collect

We collect only what we need. When you read an article, our web server logs a short record of the request — this typically includes the IP address of your connection, the page you requested, the time of the request and basic information about your browser. These logs are retained for operational and security purposes for no longer than 90 days and are not used to build long-term profiles of individual readers.

When you send a message through our contact form, we receive the name, email address, optional location and message text that you submit. When you opt into our newsletter, we receive your email address. We do not ask for, and have no interest in, your national identity card number, mobile phone number, payment card data or any other sensitive identifier.

Cookies and analytics

The site uses a small number of first-party cookies for essential functions such as remembering your preferred text size. We also run a lightweight privacy-respecting analytics service that aggregates traffic patterns at the article level — for example, how many readers viewed the 5G tracker yesterday. This analytics service does not set advertising cookies, does not attempt to identify you personally, and does not share data with third-party advertising networks. If you wish to opt out of analytics entirely, most modern browsers support a "Do Not Track" or privacy-mode setting that we honour.

Legal basis for processing

Our processing of your personal data is based on one of the following grounds, depending on the interaction:

  • Legitimate interest — for basic server logs, aggregate analytics and fraud prevention.
  • Consent — for newsletter subscription and for storing the content of a tips-form submission beyond the time needed to respond.
  • Contractual necessity — for the limited commercial relationships we hold with our hosting provider and similar infrastructure suppliers.

Your rights under the PDPA

The Sri Lanka Personal Data Protection Act No. 9 of 2022 grants you a number of rights in relation to the information we hold about you. These include the right to access the personal data we hold, the right to have inaccurate data corrected, the right to request deletion in the circumstances set out in the Act, and the right to withdraw any consent you have previously given. To exercise any of these rights, email [email protected] and we will respond within the statutory timelines.

Sharing with third parties

We do not sell reader data. We do not trade it. We do not share it with advertising networks. The third parties that necessarily touch our systems are limited to our hosting provider (responsible for running the physical servers), our email delivery service (responsible for sending newsletters you have opted into), and, when legally required, Sri Lankan law-enforcement authorities acting under a valid request. We maintain written data-processing terms with each of these providers.

Data retention

Server logs are retained for up to 90 days. Tips-form submissions are retained for up to two years after the last correspondence, to allow us to follow up on long-running stories. Newsletter subscriber records are retained until you unsubscribe. If you ask us to delete any record about you, and we have no legal obligation to retain it, we will act on that request within 30 days.

Data security

We take reasonable technical and organisational measures to protect the information we hold. Access to the content of tips submissions is restricted to a small number of editorial staff on a need-to-know basis. All data in transit to and from our systems is encrypted using current TLS standards, and we apply security patches to our hosting environment on a regular schedule.

Children

The site is not intended for children under the age of sixteen. We do not knowingly collect personal information from children. If you believe we have inadvertently received such data, please let us know at [email protected] and we will promptly delete it.

International transfers

Some of our infrastructure providers operate data centres outside Sri Lanka, most commonly in Singapore. Any such transfers are conducted under contractual safeguards consistent with PDPA requirements.

Changes to this policy

We may update this policy from time to time to reflect changes in our practices or in Sri Lankan law. The "last updated" date at the top of this page will always tell you when the current version took effect. Material changes will be flagged in our newsletter.

How to reach us

For any question about this privacy notice or about how we handle your data, write to [email protected], or to our registered office at Level 5, Access Towers II, 278 Union Place, Colombo 02, Sri Lanka 00200.