Privacy Policy
Overview
This policy explains how personal data is collected, processed, and protected across web, mobile, and API interactions. It applies to all data points, including registration, usage, and feedback. Continued use implies consent to these practices. Please review this policy periodically for changes.
Data Collection
We collect only non-sensitive data necessary for operation: email, username, IP address, device type, and usage logs. Data is obtained through explicit user inputs and automatic tracking via cookies and server logs. Sensitive categories (health, financial, biometric) are never requested. Each collection point clearly states its intended use.
Purpose & Legal Basis
Collected data is used to authenticate users, maintain security, and provide support. Aggregate analytics guide system performance enhancements and feature development. Processing is based on contractual necessity for service delivery and legitimate interests in security. Explicit consent is required for optional features such as personalized recommendations.
Cookie Policy
Essential cookies maintain login sessions and core functionality. Optional analytics cookies remain disabled until you enable them. No third-party advertising cookies are deployed without separate consent. Cookie preferences can be managed via your browser or account settings.
Security Controls
All data in transit is encrypted using modern protocols (e.g., TLS). Data at rest is encrypted with robust algorithms (e.g., AES-256) and stored in secured environments. Access is restricted by role-based controls and multi-factor authentication. Routine security assessments and penetration tests ensure ongoing protection.
User Rights
You may request access to, correction of, or deletion of your personal data at any time. Requests are processed within 30 days, subject to legal obligations. Data essential for compliance or dispute resolution may be retained in anonymized form. You can withdraw consent for optional processing without impacting core services.
Retention & Deletion
Personal data is retained only as long as necessary, typically no more than 18 months from last activity. After that period, data is deleted or irreversibly anonymized. Backups are purged within 90 days of retention expiry. Detailed retention schedules are available upon request.
Breach Notification
In the event of a confirmed data breach, affected individuals will receive notification within 72 hours. The notification will outline the breach’s nature, data categories involved, and recommended next steps. Regulatory bodies will be informed as required by law. A post-incident review will inform future risk mitigation.
Automated Processing
Anonymized data may be analyzed by automated systems for threat detection and capacity planning. If an automated decision materially affects your account, you will be notified and given the option to request a review. Non-critical personalization features operate only with consent. All automated processes are documented and auditable.
Third-Party Sharing
Data is shared exclusively with essential third-party providers under strict data protection agreements (e.g., hosting, payment processing, email services). Providers are audited regularly for compliance. No data is shared with advertisers or data brokers without explicit consent. All transfers are logged and auditable.
Policy Revisions
This policy is reviewed and updated at least once per year or upon major legal or operational changes. Material updates are communicated via email and in-service notifications at least 14 days before enactment. Continued use after the effective date signifies acceptance. Archived versions remain accessible for transparency.