Privacy Policy
Applicability
This policy applies whenever personal information is collected in connection with the service—whether via web, mobile, or APIs. It governs data collection, use, disclosure, and protection. Continued use implies acceptance of these practices. Updates may occur without explicit notice, so please review periodically.
Information Collected
We collect only the data necessary for authentication and functionality: email addresses, user IDs, device metadata, and usage logs. Collection is through user inputs and automated processes such as cookies and server logs. No sensitive data (health, financial, biometric) is ever requested. Each collection point clearly states its purpose.
Use of Data
Personal data is used to authenticate user sessions, maintain security, and provide support. Aggregate, anonymized metrics inform performance improvements and feature development. We do not share personal data with advertisers or data brokers without explicit consent. Any new data uses will be communicated and require opt-in.
Cookies & Tracking
Essential cookies maintain sessions and security tokens. Non-essential cookies for analytics remain disabled until you enable them. Third-party advertising cookies are never used without separate consent. Cookie controls are available via your browser or account settings.
Data Protection
All data in transit is encrypted via TLS to prevent interception. Data at rest is encrypted with strong algorithms (e.g., AES-256) and stored in secure, access-controlled environments. Access is limited by role-based permissions and multi-factor authentication. Regular security assessments and audits ensure ongoing protection.
User Rights
You may request access to, correction of, or deletion of your personal data at any time. Requests are fulfilled within 30 calendar days, subject to legal constraints. Data required for compliance or dispute resolution may be retained in anonymized form. You can also withdraw consent for optional processing without affecting core services.
Retention & Deletion
Personal data is retained only as long as necessary—typically no more than 24 months from last user activity. After that, data is permanently deleted or irreversibly anonymized. Backups are purged within 90 days following the retention period. Detailed retention schedules are provided upon request.
Breach Notification
In the event of a confirmed data breach, affected individuals will be notified within 72 hours of verification. Notifications include the breach’s nature, categories of data affected, and recommended remedies. Regulatory authorities will be informed as required by law. A comprehensive post-incident review will guide future improvements.
Automated Decisions
Automated systems may analyze anonymized data for threat detection or capacity planning. If an automated decision materially affects your account, you will receive notice and an option for human review. Non-critical personalization features operate only with your consent. All automated processes are documented and auditable.
Third-Party Processors
Data is shared only with essential third-party processors under strict data protection agreements (e.g., hosting, payments, email). Each processor undergoes regular compliance audits. No data is shared with advertisers or brokers without explicit opt-in. All third-party transfers are logged and auditable.
Policy Updates
This policy is reviewed and updated annually or upon significant changes. Material revisions are announced via email and in-service notices at least 14 days before they take effect. Continued use after the effective date indicates acceptance. Archived versions remain accessible for transparency.
