Privacy Policy

Applicability

This policy applies whenever personal information is collected in connection with the service—whether through web, mobile, or API. It details how data is gathered, used, protected, and retained. Continued use signifies acceptance of these practices. Please revisit periodically for updates.

Data Collection Channels

We collect non-sensitive data such as email, username, IP address, device type, and usage metrics. Data is obtained via user-input forms and automatically through cookies and server logs. Sensitive categories (health, financial, biometric) are never requested. Each data-collection point clearly states its purpose and legal basis.

Purpose & Legal Grounds

Personal data is used for authentication, security enforcement, and customer support. Aggregated, anonymized analytics help improve performance and guide feature development. Processing is based on contractual necessity, legitimate interests for security, and user consent for optional features. Any new purposes will be disclosed and require separate opt-in.

Cookie Policy

Essential cookies are always active to support core functionality—such as session maintenance and security. Non-essential analytics cookies remain disabled until you explicitly enable them. Third-party advertising cookies are never implemented without separate consent. Cookie preferences may be managed via browser or account settings.

Data Security Measures

Data in transit is secured by HTTPS/TLS encryption to prevent interception. Data at rest is encrypted with advanced algorithms (e.g., AES-256) and stored in restricted environments. Access is limited by role-based controls and two-factor authentication. Regular security audits, vulnerability scans, and penetration tests ensure robust protections.

User Rights & Choices

You have the right to request access, correction, or deletion of your personal data at any time. Requests are processed within thirty days, subject to relevant legal requirements. Data essential for compliance or dispute resolution may be retained in anonymized form. You may also withdraw consent for optional processing without affecting core services.

Retention & Deletion

Personal data is retained only as long as necessary—typically no more than twenty-four months from last activity. After that period, records are securely deleted or irreversibly anonymized. Backups are purged within ninety days of the end of the retention period. Detailed retention schedules are available upon request.

Breach Notification

In the event of a confirmed data breach, affected individuals will be notified within seventy-two hours of breach confirmation. The notification will include the breach’s nature, data categories involved, and recommended next steps. Regulatory bodies will be informed as required by applicable law. A post-incident review will ensure strengthened safeguards.

Automated Processing

Automated algorithms may analyze anonymized data to detect anomalies, plan capacity, or generate non-critical recommendations. Any automated decision that materially affects your account will be communicated to you, with an option for human review. Personalization features operate only with your explicit consent. All automated processes are documented for transparency.

Third-Party Processors

We share data only with essential third-party providers (hosting, payment gateways, email services) under strict data protection agreements. Providers are regularly audited to ensure compliance with privacy standards. No data is shared with advertisers or data brokers. All third-party transfers are logged and available for audit.

Policy Reviews & Updates

This policy is reviewed and updated at least once per year or whenever significant changes occur. Material revisions will be announced via in-service notifications and email at least fourteen days before they take effect. Continued service use after the effective date signifies acceptance. Archived versions remain accessible for transparency.