Privacy Policy

General Overview

This policy explains how personal data is collected, used, and safeguarded when you use the service. It applies across all platforms, including web, mobile, and APIs. Continued use indicates consent to these practices. Updates may occur without direct notice, so please review periodically.

Information Collected

We gather only non-sensitive data: email addresses, usernames, device details, IP addresses, and interaction logs. Data is collected via user inputs (e.g., sign-up, feedback) and automatically (e.g., cookies, server logs). No sensitive categories are ever requested. Each data-collection point clearly states its purpose.

Purpose of Processing

Personal data is processed to authenticate users, maintain security, and deliver support. Aggregate, anonymized analytics guide reliability improvements and feature enhancements. We never use data for marketing without separate consent. Any additional processing will be disclosed and require opt-in.

Legal Basis

Processing relies on contractual necessity for service provision, legitimate interests for security, and explicit consent for optional features. Each data use has a clearly defined legal basis. Consent can be revoked at any time without affecting essential services. Core functions remain operational regardless of consent changes.

Cookies & Local Storage

Essential cookies maintain session state and security tokens. Analytics cookies remain disabled until you enable them. Third-party advertising cookies are never used without explicit permission. Cookie preferences can be managed via your browser or privacy settings.

Data Security Measures

All data in transit is encrypted using TLS or equivalent standards. Data at rest is secured with AES-256 encryption or better. Access is restricted by role-based controls and multi-factor authentication. Regular vulnerability assessments and penetration tests ensure robust defenses.

User Access & Control

You have the right to access, correct, or delete your personal data through the support portal or account dashboard. We fulfill valid requests within 30 days, subject to legal requirements. Information required for legal compliance may be retained but anonymized. You can also request a portable copy of your data.

Retention & Deletion

Personal data is retained only as long as necessary—generally no more than 18 months from last user activity. Backup copies are purged within 90 days after active retention expires. Anonymized datasets may be retained indefinitely for research and analytics. Detailed retention schedules are available upon request.

Breach Response

In case of a confirmed data breach, affected individuals will be notified within 72 hours of breach verification. Notifications will outline the breach details, data types involved, and mitigation steps. Authorities will be informed as required by law. A thorough post-incident analysis will guide improvements.

Automated Decision-Making

Automated systems may analyze anonymized data for threat detection and capacity planning. Any automated decision that materially affects you will trigger notification and an option for manual review. Personalization features operate only with your consent. All automated processes are documented for auditing.

Policy Revisions

This policy is reviewed annually or upon major changes. Material updates will be announced via email and in-service notifications at least 14 days before they take effect. Continued use after the effective date signifies acceptance. Archived versions remain accessible for full transparency.