Privacy Policy

Applicability

This policy governs all personal data collected through your interactions with the service, including web, mobile, and API. It describes collection, use, storage, and deletion practices. Continued use indicates acceptance of these terms. Please consult this policy regularly for updates.

Information Collected

We collect only non‑sensitive personal data, such as usernames, email addresses, IP addresses, device metadata, and usage patterns. Data is gathered via user inputs (e.g., registrations, surveys) and automated logs (e.g., cookies, analytics). Sensitive data categories are never requested. Each collection point clearly states its intended use.

Purpose of Processing

Personal data is processed to authenticate users, secure data, and provide support services. Aggregate, anonymized metrics help improve performance and guide feature development. No data is used for unsolicited marketing without separate, explicit consent. Any new processing purposes will require opt‑in.

Legal Basis

Processing relies on contractual necessity for service provision, legitimate interests for security and improvement, and explicit consent for optional features. Each data use is tied to a specific legal basis. Consent can be revoked at any time without affecting essential services. Core functionality remains unaffected by consent changes.

Cookies & Similar Technologies

Essential cookies maintain login sessions and security tokens. Analytics cookies remain inactive until you enable them. No advertising or tracking cookies are deployed without your separate permission. You may block or delete cookies through your browser settings.

Security Measures

All data in transit uses encryption protocols such as TLS. Data at rest is protected by strong encryption (e.g., AES‑256) and stored in secure facilities. Access is limited by role‑based permissions and multi‑factor authentication. Routine vulnerability scans and security audits validate protections.

User Rights & Controls

Users have the right to access, correct, or delete their personal data through account settings or support requests. Valid requests are processed within 30 days, subject to legal obligations. Data needed for compliance or dispute resolution may be retained in anonymized form. You may also obtain a portable copy of your data.

Retention & Deletion

Personal data is retained only as long as necessary—generally no more than 18 months from the last user activity. After that, data is deleted or permanently anonymized. Backup archives are purged within 90 days of retention expiration. Detailed retention schedules are available upon request.

Breach Response

In the event of a confirmed data breach, affected individuals will be notified within 72 hours of verification. Notifications will describe breach details, affected data categories, and recommended protective steps. Regulatory authorities will be informed as required by law. A thorough post‑incident review will guide future safeguards.

Automated Decision‑Making

Automated systems may analyze anonymized data for threat detection and resource planning. Any automated decision that materially affects your account will trigger notification and an option for human review. Personalization features operate only with your explicit consent. All algorithmic processes are documented for transparency.

Policy Revisions

This policy is reviewed at least annually or upon significant regulatory or operational changes. Material updates are announced via email and in‑service notifications at least 14 days before they take effect. Continued service use after the effective date signifies acceptance. Archived versions remain accessible for transparency.