Privacy Policy

Scope & Applicability

This policy applies to all personal information collected when you access or use the service on any device or platform. It explains how data is gathered, processed, stored, and shared. Your continued use of the service signifies acceptance of these practices. Please review this policy periodically for updates.

Data We Collect

We collect only the minimum personal data necessary for core functionality, including names, email addresses, IP addresses, device type, and usage logs. Collection occurs through explicit user inputs (e.g., registration, feedback) and automated processes (e.g., cookies, server logs). Sensitive categories such as health, financial, or biometric data are never collected. Each data‑collection point clearly states its purpose.

Use of Information

Collected data is used to authenticate accounts, maintain security, and provide customer support. Aggregate, anonymized metrics guide system optimizations and feature development. We do not sell or rent personal data to third parties for marketing. Any new uses of personal data will require explicit opt‑in and clear notification.

Cookies & Tracking

Essential cookies support core functionality such as login sessions and security tokens. Analytics cookies remain disabled until you explicitly enable them. No third‑party advertising trackers are deployed without separate consent. You may manage cookie settings through your browser or account preferences.

Data Security

All data in transit is encrypted using industry‑standard protocols (e.g., TLS). Data at rest is stored in encrypted databases with strict access controls. Internal access requires multi‑factor authentication and least‑privilege permissions. Regular security audits and penetration tests ensure ongoing protection.

Data Retention

Personal data is retained only as long as necessary to fulfill its original purpose, typically no more than 24 months after last user activity. After this period, data is securely deleted or irreversibly anonymized. Backup copies are purged within 90 days of retention expiry. Retention schedules are reviewed annually.

User Rights

You may request access to, correction of, or deletion of your personal data at any time. Requests are processed within 30 calendar days, subject to applicable laws. Data required for compliance or dispute resolution may be retained in anonymized form. You may also withdraw consent for optional processing without affecting core services.

Breach Notification

In the unlikely event of a confirmed data breach affecting personal information, affected users will be notified within 72 hours of breach confirmation. Notifications will include the breach’s nature, data categories involved, and recommended actions. Regulatory authorities will be informed as required by law. A post‑incident review will guide improvements.

Anonymization & Aggregation

Direct identifiers are removed or replaced with pseudonyms before any analytical or reporting use. Aggregated datasets contain no individual‑level information and cannot be traced back to specific users. Anonymized data may be retained indefinitely for research and performance monitoring. This approach balances privacy with operational insights.

Third‑Party Processors

We share data only with essential third‑party providers (e.g., hosting, payment processing, email delivery) under strict data protection agreements. Each processor undergoes regular compliance audits. No personal data is shared with advertising networks or data brokers without explicit consent. All disclosures are logged and auditable.

Policy Updates

This policy is reviewed and updated at least once per year or upon significant legal or operational changes. Material revisions will be communicated via in‑service notices and email at least 14 days before taking effect. Continued use after the effective date signifies acceptance. Archived versions remain accessible for transparency.