Privacy Policy

Overview

This policy describes how personal data is collected, processed, and protected across all service platforms. It applies to usage on web, mobile, and API interfaces. Your use of the service indicates acceptance of these practices. Updates may occur without direct notice, so please review periodically.

Data Collection

Only essential personal data—such as email addresses, user IDs, device metadata, and usage logs—is collected. Data is obtained through user inputs (e.g., registration forms) and automatic processes (e.g., cookies, server logs). Sensitive categories (health, financial, biometric) are never requested. Each collection point clearly states its intended use.

Purposes for Processing

Data is used for authentication, security, and customer support. Aggregate, anonymized metrics guide system performance improvements and new feature development. Personal data is not shared with advertisers without explicit consent. Any additional uses will be communicated in advance and require opt-in.

Cookies & Tracking

Essential cookies maintain login sessions and security tokens. Non-essential analytics cookies are disabled by default and can be enabled by you at any time. No third-party advertising trackers are deployed without your separate consent. Cookie preferences can be managed in your browser or account settings.

Data Security

All data transmissions are encrypted using TLS or equivalent protocols to prevent interception. Data at rest is stored in encrypted databases with strict access controls. Role-based permissions and multi-factor authentication limit internal access. Regular security audits and vulnerability scans help maintain robust defenses.

Retention & Deletion

Personal data is retained only as long as necessary—typically no more than 24 months from last user activity. After that, data is either permanently deleted or irreversibly anonymized. Backups are purged within 90 days after the active retention period expires. Retention schedules are reviewed annually.

User Rights

You may request access to, correction of, or deletion of your personal data at any time via support or account settings. We process valid requests within 30 calendar days, subject to legal requirements. Some data required for compliance or dispute resolution may be retained but will be anonymized. You may withdraw previously given consent for optional processing without affecting core functionality.

Breach Notification

In the event of a confirmed data breach, affected users will receive notification within 72 hours of breach confirmation. The notification will include the breach’s nature, categories of affected data, and recommended protective measures. Regulatory authorities will be informed as required by applicable law. A thorough post-incident review will inform future improvements.

Anonymization & Aggregation

All direct identifiers are removed or replaced with one-way hashes before any analytics or reporting. Aggregated data sets never contain individual-level information and cannot be traced back to specific users. Anonymized data may be retained indefinitely for statistical and research purposes. This practice ensures user privacy while enabling operational insights.

Third-Party Service Providers

Data is shared only with essential third-party providers (e.g., hosting, payment processors, email services) under strict data protection agreements. Providers are regularly audited to ensure compliance with privacy standards. No personal data is shared with advertisers or data brokers. All third-party transfers are logged and auditable.

Policy Updates

This policy is updated at least once per year or whenever significant legal or operational changes occur. Material revisions will be communicated via in-service notifications and email at least 14 days before taking effect. Continued use of the service after the effective date indicates acceptance of updated terms. Archived versions remain accessible for transparency.