Privacy Policy
Overview
This policy explains how personal data is collected, processed, and protected when you use the service—whether via web, mobile, or API. It also outlines your rights regarding that data. Continued use signals acceptance of these terms. Please revisit periodically for changes.
Types of Data Collected
We collect only necessary personal data such as email addresses, user IDs, device information, and usage logs. Collection happens both through user input (e.g., registration, profile updates) and automatically via cookies and server logs. No sensitive categories (health, financial, biometric) are requested. All collection points clearly state the purpose of processing.
Purpose & Legal Basis
Data is processed to authenticate users, maintain security, and provide support. Aggregate, anonymized insights drive performance tuning and feature development. Processing is based on contractual necessity, legitimate interests for security, and user consent for optional features. New processing purposes will be disclosed and require opt-in.
Cookies & Tracking Technologies
Essential cookies maintain session continuity and security tokens. Non-essential analytics cookies remain inactive until you enable them. We do not deploy third-party advertising cookies without explicit consent. Cookie preferences can be adjusted via your browser or account dashboard.
Data Security
All data in transit is protected by encryption (e.g., HTTPS/TLS). Data at rest is secured with strong encryption algorithms (e.g., AES-256) in access-controlled environments. Role-based access controls and multi-factor authentication limit internal access. Regular security audits and penetration tests identify and address vulnerabilities.
User Rights & Controls
You have the right to access, correct, or delete your personal data at any time by contacting support or using account settings. We respond to valid requests within thirty days, subject to legal requirements. Data necessary for compliance or dispute resolution may be retained in anonymized form. You can withdraw consent for optional processing without affecting essential services.
Retention & Deletion
Personal data is retained only as long as necessary—typically no more than twenty-four months from last user activity. After that period, data is permanently deleted or irreversibly anonymized. Backup copies are purged within ninety days after active retention expires. Detailed retention schedules are available upon request.
Breach Notification
In the event of a confirmed data breach affecting personal information, affected users will receive notification within seventy-two hours of verification. Notifications describe the breach’s nature, affected data categories, and recommended steps. Regulatory authorities will be informed as required by law. A comprehensive post-incident review will guide future improvements.
Automated Decision-Making
Automated systems may analyze anonymized data for threat detection, capacity planning, and non-critical personalization. If an automated decision significantly affects your account, you will be notified and given the option for a human review. Personalization features operate only with explicit opt-in. All automated processes are documented and subject to audit.
Third-Party Sharing
We share data only with essential third-party providers bound by strict data protection agreements (e.g., hosting, payment processing, email delivery). Each provider undergoes regular audits to ensure compliance. No personal data is shared with advertisers or data brokers. All transfers are logged and are accessible for audit.
Policy Updates
This policy is reviewed at least annually or whenever significant legal or operational changes occur. Material revisions will be communicated via in-service notifications and email at least fourteen days before taking effect. Continued service use after the effective date indicates acceptance of revised terms. Archived versions remain accessible for transparency.
