Privacy Policy

Scope

This policy governs all personal information collected when you access or use the service on any platform. It explains how data is gathered, processed, stored, and shared. Your continued use signifies acceptance of these terms. Please review this policy periodically for updates.

Data Collection

We collect only the data necessary to deliver core functionality—such as email, user ID, device type, and usage logs. Collection occurs through user inputs and automated processes (cookies, server logs). Sensitive categories (health, financial, biometric) are never requested. Each data point is clearly labeled with its purpose.

Purpose of Use

Collected data is used to authenticate sessions, maintain security, and troubleshoot issues. Aggregated, anonymized metrics guide performance improvements and feature development. We do not sell or rent personal data for marketing without explicit consent. Any new uses will be communicated and require opt‑in.

Cookies & Tracking

Essential cookies maintain login sessions and security tokens. Optional analytics cookies remain disabled until you enable them. No third‑party advertising trackers are deployed without your separate permission. Cookie preferences can be managed in your browser or account settings.

Data Security

All data in transit is protected by industry‑standard encryption (e.g., TLS). Data at rest is encrypted with strong algorithms (e.g., AES‑256) in secure environments. Internal access is limited by role‑based controls and multi‑factor authentication. Regular audits and vulnerability assessments are performed.

Data Retention

Personal data is retained only as long as needed to fulfill its original purpose, generally no more than 24 months after last use. After this period, records are securely deleted or irreversibly anonymized. Backups are purged within 90 days of retention expiry. Retention schedules are reviewed annually.

User Rights

You have the right to access, correct, or delete your personal data at any time. Requests are handled within 30 days, subject to legal requirements. Data necessary for compliance or dispute resolution may be retained in anonymized form. You may also withdraw consent for optional processing.

Breach Notification

In the event of a confirmed data breach affecting personal information, affected users will be notified within 72 hours. Notifications include the breach’s nature, data involved, and recommended actions. Regulatory authorities will be informed as required. A post‑incident review will guide improvements.

Anonymization & Aggregation

Direct identifiers are removed or pseudonymized before any analytical use. Aggregated datasets contain no individual‑level details and cannot be reverse‑engineered. Anonymized data may be retained indefinitely for research. This approach balances privacy with insight.

Third‑Party Processors

We share data only with essential third‑party providers (e.g., hosting, payments, email) under strict agreements. Each processor undergoes regular compliance audits. No data is shared with advertising networks without consent. All transfers are logged and auditable.

Policy Updates

This policy is reviewed and updated at least once per year or upon significant legal or operational changes. Material revisions are communicated via in‑service notices and email 14 days before taking effect. Continued use after the effective date signifies acceptance. Archived versions remain accessible.