Privacy Policy
Scope
This policy applies to all personal information collected when you interact with the service via web, mobile, or API. It outlines how data is gathered, processed, stored, and shared. Continued use of the service implies acceptance of these practices. Please review this policy periodically for updates.
Information Collected
We collect only the data necessary to provide and improve core functionality, including email addresses, user IDs, device metadata, and usage logs. Collection occurs through user inputs (e.g., registration, feedback) and automatic processes (e.g., cookies, server logs). Sensitive categories such as health, financial, or biometric data are never requested. Each collection point clearly states its purpose.
Use of Data
Collected data is used to authenticate sessions, maintain security, and troubleshoot technical issues. Aggregate, anonymized insights help optimize performance and guide feature development. Personal data is never sold or shared with advertisers without explicit consent. Any new processing purposes will be communicated and require opt-in.
Cookies & Tracking
Essential cookies maintain login sessions and security tokens. Non-essential analytics cookies remain disabled until explicitly enabled in settings. Third-party advertising trackers are not deployed without separate permission. Cookie preferences can be managed via your browser or account dashboard.
Data Security
All data in transit is protected by industry-standard encryption (e.g., TLS). Data at rest is encrypted with robust algorithms (e.g., AES-256) and stored in access-controlled facilities. Internal access is governed by role-based controls and multi-factor authentication. Regular security audits and penetration tests ensure ongoing protection.
Data Retention
We retain personal data only as long as necessary to fulfill its original purpose, typically no more than 24 months from last activity. After this period, data is securely deleted or irreversibly anonymized. Backups are purged within 90 days of retention expiry. Retention schedules are reviewed annually.
User Rights
You may request access to, correction of, or deletion of your personal data at any time. Requests are processed within 30 days, subject to legal requirements. Data essential for compliance or dispute resolution may be retained in anonymized form. You can also withdraw consent for optional processing without affecting core services.
Breach Notification
In the event of a confirmed data breach affecting your information, you will be notified within 72 hours of verification. Notifications will include the breach’s nature, data categories involved, and recommended mitigation steps. Regulatory authorities will be informed as required by law. A post-incident review ensures improved safeguards.
Anonymization & Aggregation
Direct identifiers are removed or replaced with irreversible pseudonyms before any analytical use. Aggregated data sets contain no individual-level details and cannot be traced back to specific users. Anonymized data may be retained indefinitely for research and performance monitoring. This approach protects privacy while enabling insights.
Third-Party Processors
Data is shared only with essential third-party providers (e.g., hosting, payment, email) under strict data protection agreements. Each processor is regularly audited for compliance with privacy standards. No data is shared with advertisers or data brokers without explicit consent. All transfers are logged and auditable.
Policy Updates
This policy is reviewed and updated at least once per year or upon significant legal or operational changes. Material revisions will be communicated via in-service notifications and email at least 14 days before taking effect. Continued use after the effective date signifies acceptance. Archived versions remain accessible for transparency.
