Privacy Policy

Overview

This policy describes how personal data is collected, used, and protected across all service interactions. It applies to any data you provide or that is generated by usage. Continued use indicates acceptance of these practices. Please review periodically for updates.

Data Collected

We collect only non‑sensitive personal data—email, username, IP address, device type, and usage metrics. Data is obtained via explicit user inputs and automatic processes (cookies, server logs). Sensitive categories such as health or financial data are never collected. Each collection point clearly states its purpose.

Purpose & Legitimate Interests

Personal data is used to authenticate access, maintain security, and deliver support. Aggregate, anonymized analytics inform system optimization and feature development. Processing is based on contractual necessity and legitimate interests in service security. Consent is required for optional features.

Cookies & Tracking

Essential cookies maintain session continuity and security. Non‑essential analytics cookies are disabled until you enable them. No third‑party advertising cookies are used without explicit permission. Cookie preferences can be managed via browser or account settings.

Security Practices

Data in transit is encrypted using modern protocols (e.g., TLS). Data at rest is encrypted with strong algorithms (e.g., AES‑256) and stored in secure environments. Access is restricted by role and multi‑factor authentication. Regular security audits and penetration tests validate defenses.

User Rights

You may request access to, correction of, or deletion of your personal data at any time. Requests are fulfilled within thirty days, subject to legal requirements. Data required for compliance or legal obligations may be retained in anonymized form. You may also withdraw consent for optional processing.

Retention & Deletion

Personal data is retained only as long as necessary—typically no more than 24 months from last use. Afterwards, data is permanently deleted or irreversibly anonymized. Backups are purged within 90 days after retention expiry. Detailed retention schedules are available upon request.

Breach Notification

In the event of a confirmed data breach, affected users will receive notification within 72 hours. Notifications include details of the breach, data categories impacted, and recommended steps. Authorities will be informed as required by law. A post‑incident review will guide improvements.

Automated Decisions

Automated systems may analyze anonymized data for threat detection and resource planning. Any automated decision that materially affects your account will trigger notification and an option for human review. Optional personalization features operate only with explicit consent. All processes are documented for audit.

Third‑Party Processors

Data is shared only with necessary third‑party providers bound by strict data protection agreements (e.g., hosting, payments, email). Providers undergo regular security and compliance audits. No data is shared with advertisers or data brokers without explicit opt‑in. All transfers are logged.

Policy Updates

This policy is reviewed annually or upon significant changes. Material revisions are communicated via email and in‑service notices at least 14 days before taking effect. Continued use after the effective date signifies acceptance. Archived versions remain accessible for transparency.