Privacy Policy
Overview
This policy describes how personal data is collected, used, and protected when you use the service via web, mobile, or API. Continued use indicates acceptance of these practices. Please review this policy periodically for any changes. Your privacy is a priority.
Data Collection Methods
Data is collected through user inputs (e.g., registration, surveys) and automated tracking (cookies, server logs). We gather only non‑sensitive personal data, such as email, username, IP address, and usage metrics. Sensitive categories are never requested. Each data‑collection point clearly states its purpose.
Processing Purposes
Personal data is used to authenticate sessions, maintain security, and provide support. Aggregated, anonymized insights guide system performance improvements and feature development. No personal data is used for marketing without separate consent. Any additional processing requires opt‑in.
Cookie Policy
Essential cookies maintain core functionality like session integrity and security tokens. Analytics cookies remain disabled until you explicitly enable them. Third‑party advertising cookies are never installed without separate consent. You may manage cookies through your browser.
Data Security
All data in transit is encrypted using TLS or equivalent standards. Data at rest is encrypted with AES‑256 or comparable algorithms in secure environments. Access is restricted by role‑based permissions and multi‑factor authentication. Regular vulnerability scans and audits uphold security.
Retention & Deletion
Personal data is retained only as long as necessary—generally no more than 18 months from last use. After that, data is securely deleted or anonymized. Backups are purged within 90 days post‑expiration. Detailed retention schedules are available on request.
User Control
You have the right to access, correct, or delete your personal data at any time. Requests are handled within 30 days, subject to legal limitations. Data needed for compliance or legal obligations may be retained in anonymized form. You can also withdraw consent for optional features.
Breach Notification
If a data breach occurs, affected users will be notified within 72 hours of confirmation. Notifications will detail breach specifics, affected data categories, and recommended next steps. Regulatory authorities will be informed as required. A thorough post‑incident review will guide improvements.
Anonymization & Aggregation
Direct identifiers are removed or replaced with pseudonyms prior to any reporting. Aggregated data sets contain no individual‑level details. Anonymized data may be retained indefinitely for research and analytics. This approach balances privacy with operational insights.
Third‑Party Sharing
We share data only with necessary third‑party processors under strict data protection agreements (e.g., hosting, payment, email). Providers undergo regular compliance audits. No data is shared with advertising or data brokers without explicit consent. All transfers are logged.
Policy Revisions
This policy is reviewed and updated at least once per year or upon major regulatory changes. Material revisions are communicated via in‑service notifications and email at least 14 days before enforcement. Continued use after the effective date signifies acceptance. Archived versions remain accessible.
