Privacy Policy

Scope

This policy governs the handling of all personal data collected through the service on any platform. It covers collection, processing, storage, sharing, and deletion. Continued use denotes acceptance. Updates may occur without direct notice; please review periodically.

Data Collection

We collect only the personal data essential for operation: email, user ID, device information, and usage logs. Collection occurs via user inputs (registration, feedback) and automated means (cookies, server logs). Sensitive data categories are never requested. Each collection point clearly states its purpose.

Purpose of Processing

Personal data is processed to authenticate user sessions, secure accounts, and provide support. Aggregated, anonymized metrics guide system improvements and feature roadmaps. We do not use personal data for advertising without separate consent. Any new uses will require opt‑in.

Cookies & Tracking

Essential cookies maintain session and security tokens. Analytics cookies remain disabled until explicitly enabled by you. No third‑party advertising cookies are deployed without separate permission. Cookie preferences can be adjusted via browser settings.

Data Security

All data in transit is protected via encryption standards (e.g., TLS). Data at rest is encrypted with AES‑256 or equivalent in secured environments. Access is controlled by role‑based permissions and multi‑factor authentication. Regular security audits and vulnerability scans validate protections.

User Rights

You have the right to access, correct, or delete your personal data at any time. Requests are handled within thirty days in compliance with applicable laws. Data required for compliance or legal obligations may be retained in anonymized form. You may withdraw consent for optional features without affecting core services.

Retention & Deletion

Personal data is retained only as long as necessary, typically no more than 24 months from last user activity. After retention expiry, data is securely deleted or anonymized. Backups are purged within 90 days of expiration. Detailed retention timelines are available upon request.

Breach Notification

If a data breach occurs involving personal data, affected individuals will be notified within 72 hours of confirmation. Notifications include breach specifics, categories of data affected, and recommended protective steps. Regulatory authorities will be informed as required. A post‑incident review will guide improvements.

Anonymization & Aggregation

Direct identifiers are removed or replaced with irreversible pseudonyms prior to any reporting. Aggregated datasets do not contain individual‑level details. Anonymized data may be retained indefinitely for research and analytics. This approach preserves privacy while enabling insights.

Third‑Party Sharing

We share data only with essential third‑party processors bound by strict data protection agreements (e.g., hosting, payments, email). Processors undergo regular compliance audits. No data is shared with advertisers or brokers without explicit consent. All transfers are logged.

Policy Changes

This policy is reviewed at least once per year or upon major regulatory changes. Material updates are communicated via email and in‑service notices 14 days before taking effect. Continued use after the effective date signifies acceptance. Archived versions remain accessible for transparency.