Privacy Policy

Applicability

This policy applies to all personal data collected, stored, or processed in connection with the service. It covers data provided by you and data generated through usage. Continued use indicates acceptance of these practices. Updates may occur without explicit notice; please review periodically.

Data Types Collected

We collect only non‑sensitive personal data—email, user ID, device metadata, IP address, and usage logs. Data is obtained via user inputs and automatic tracking (cookies, server logs). Sensitive categories such as health or financial data are never requested. Each collection point clearly states its purpose.

Purpose of Processing

Personal data is used to authenticate sessions, maintain security, and provide support. Aggregate, anonymized metrics guide performance optimization and feature enhancements. We do not share personal data for advertising without separate consent. Any new processing uses will require opt‑in.

Legal Basis

Processing is based on contractual necessity for service provision, legitimate interests in security, and explicit user consent for optional features. Each processing activity is tied to a specified legal basis. Consent for non‑essential processing may be withdrawn at any time. Core functionality remains unaffected.

Cookie Policy

Essential cookies support core functions such as login sessions and security. Disabled‑by‑default analytics cookies may be enabled by you at any time. No third‑party advertising cookies are deployed without explicit permission. Cookie settings can be managed via your browser or account controls.

Security Measures

Data in transit is encrypted using TLS or comparable standards. Data at rest is encrypted with strong algorithms and maintained in access‑controlled facilities. Role‑based permissions and multi‑factor authentication limit internal access. Regular audits and vulnerability scans ensure compliance.

User Rights

You have the right to access, correct, or delete your personal data at any time. Requests are handled within thirty days, subject to legal constraints. Data required for regulatory compliance may be retained in anonymized form. You may also request a portable copy of your data.

Retention & Deletion

Personal data is retained only as long as necessary—generally no more than 24 months from last activity. After that period, data is permanently deleted or irreversibly anonymized. Backups are purged within 90 days following retention expiry. Detailed retention schedules are provided upon request.

Breach Notification

In the unlikely event of a data breach, affected users will receive notification within 72 hours of confirmation. Notifications detail the breach’s nature, data categories involved, and recommended mitigation steps. Authorities will be informed as required by law. A post‑incident review will guide future safeguards.

Automated Decision‑Making

Automated systems may analyze anonymized data for threat detection, capacity planning, or non‑critical recommendations. Any automated decision that materially affects your account will trigger notification and an option for manual review. Optional personalization features operate only with your consent. All automated processes are documented.

Policy Revisions

This policy is reviewed annually or upon significant legal or operational changes. Material updates are communicated via email and in‑service notifications at least 14 days before taking effect. Continued use after the effective date signifies acceptance. Archived versions remain accessible for transparency.