Privacy Policy

Applicability

This policy applies to all personal data collected, processed, and stored when you interact with the service via web, mobile, or API. It outlines data collection points, processing purposes, and protective measures. Continued use indicates your acceptance of these practices. Please review this policy for updates periodically.

Information Collected

We collect non-sensitive personal data, including email addresses, usernames, IP addresses, device metadata, and feature usage logs. Data is gathered via user inputs (e.g., registration, profile updates) and automated processes (e.g., cookies, server logs). Sensitive categories like health or financial data are never requested. Each collection instance clearly states its purpose.

Processing Purposes

Personal data is used to authenticate access, maintain account security, and provide technical support. Aggregate, anonymized metrics are used for performance tuning and feature improvements. Personal data is not used for unsolicited marketing without explicit, separate consent. Any new uses of data will be disclosed clearly and require opt-in.

Cookies & Tracking

Essential cookies support core functions such as session management and security. Disabled-by-default analytics cookies remain inactive until you enable them explicitly. We never deploy third-party advertising cookies without separate consent. You may manage cookie preferences in your browser or account settings.

Data Security

All data transmissions use encryption (e.g., TLS) to safeguard against eavesdropping. Data at rest is encrypted at a hardware level (e.g., AES-256). Role-based access controls and multi-factor authentication limit internal data exposure. Frequent security assessments and penetration tests validate our safeguards.

User Rights

You have the right to request access, correction, or deletion of your personal data at any time. Requests are handled within 30 days, subject to applicable legal obligations. Data required for regulatory compliance or dispute resolution may be retained in anonymized form. You may also revoke consent for optional processing at any time without affecting core services.

Retention & Deletion

Personal data is retained only as long as necessary, typically no more than 24 months from last activity. Backup copies are purged within 90 days after the retention period expires. Anonymized datasets may be retained indefinitely for research and statistical purposes. Detailed retention schedules are available upon request.

Breach Notification

If a data breach affecting personal data is confirmed, affected individuals will receive notification within 72 hours. Notification will describe the breach’s nature, affected data categories, and recommended next steps. Regulatory authorities will be informed as required by law. A comprehensive post-incident review will enhance future resilience.

Automated Processing

Automated systems may analyze anonymized data for threat detection and capacity planning. Any automated decision that significantly affects your account will trigger notification and an option for human review. Personalization features operate only with your prior consent. All automated decision-making processes are documented and audited.

Third-Party Sharing

Data is shared only with necessary third-party service providers (e.g., hosting, payment, email) under strict data protection agreements. Providers are regularly audited to ensure compliance with our privacy standards. We do not share personal data with marketing or advertising networks. All third-party data transfers are logged and available for review.

Policy Updates

This policy is reviewed annually or as needed to comply with legal or operational changes. Material revisions will be communicated via in-app notifications and email at least 14 days before implementation. Continued service use after the effective date signifies acceptance of updated terms. Archived versions remain accessible for transparency.