Privacy Policy

Applicability

This policy applies to all personal data collected, processed, or stored when you interact with the service via any channel. It governs collection methods, processing purposes, storage, and deletion. Continued use indicates acceptance of these terms. Please review periodically for updates.

Data Types Collected

We collect non-sensitive data: email, user ID, device metadata, IP address, and usage logs. Collection is via user-provided inputs and automatic tracking (cookies, server logs). No health, financial, or biometric data is ever requested. Each collection point clearly states its purpose.

Use & Processing

Collected data is used to authenticate sessions, maintain system security, and provide support. Aggregate, anonymized metrics inform performance tuning and feature enhancements. We do not share personal data for marketing without explicit consent. Any expansion of processing will be communicated and require opt-in.

Cookie Policy

Essential cookies maintain core services like login sessions and security tokens. Non-essential analytics cookies remain disabled until you enable them. No third-party advertising cookies are deployed without separate consent. Cookie preferences are manageable via your browser or account settings.

Security Controls

Data in transit is encrypted using TLS or comparable protocols. Data at rest is protected with strong encryption (e.g., AES-256) and stored in secure environments. Access is limited by role-based permissions and multi-factor authentication. Regular security reviews and pen tests ensure ongoing protection.

User Rights

You have the right to access, correct, or delete your personal data at any time. Requests are processed within thirty days in accordance with applicable law. Data required for compliance or dispute resolution may be retained but anonymized. You may also withdraw consent for optional processing without affecting core services.

Retention Policy

Personal data is retained only as long as necessary—typically no more than 24 months from the last activity. After that, data is permanently deleted or irreversibly anonymized. Backups are purged within ninety days after retention expiry. Detailed schedules are available upon request.

Breach Notification

In the event of a confirmed data breach, affected users will be notified within seventy-two hours of breach confirmation. Notifications include breach scope, categories of data involved, and recommended steps. Regulatory authorities are informed as required by law. A post-incident review will guide improvements.

Anonymization & Aggregation

All direct identifiers are removed or pseudonymized before any analytical or reporting use. Aggregated datasets never contain individual-level information and cannot be traced back to specific users. Anonymized data may be retained indefinitely for research and trend analysis. This protects privacy while enabling insights.

Third-Party Processors

We share data only with essential third-party providers under strict data protection agreements (e.g., hosting, payment processing, email). Providers undergo regular compliance audits. No data is shared with advertisers or data brokers without separate consent. All transfers are logged and auditable.

Policy Updates

This policy is reviewed at least once per year or upon significant changes in law or operations. Material revisions are communicated via email and in-service notifications at least 14 days before taking effect. Continued use after the effective date signifies acceptance. Archived versions remain available for transparency.