Privacy Policy
Scope
This policy applies to all personal information collected when you use the service on any device, including web, mobile, and API interfaces. It governs how data is gathered, processed, stored, and shared. Continued use of the service constitutes acceptance of these terms. Please review this policy periodically for any updates.
Data Collection
Only the minimum necessary personal data is collected, such as email addresses, usernames, IP addresses, and usage logs. Information is obtained through user inputs (e.g., registration forms) and automatically via server logs and cookies. No sensitive categories (e.g., health, financial, or biometric data) are ever requested. All collection points clearly state the purpose of processing.
Purpose of Use
Collected data is used to authenticate users, maintain security, and troubleshoot technical issues. Aggregate, anonymized metrics help improve system performance and guide new feature development. Personal data is never sold or shared with advertisers without explicit user consent. Any new uses of data will be communicated clearly and require opt-in.
Cookies & Tracking
Essential cookies and similar technologies maintain core functionality, such as login sessions and load balancing. Non-essential analytics cookies remain disabled until you explicitly enable them. No third-party advertising trackers operate without your separate consent. Cookie preferences can be managed via your browser settings or account dashboard.
Data Security
All data in transit is protected by strong encryption protocols (e.g., TLS). Stored data is encrypted at rest using robust algorithms (e.g., AES-256) and segmented storage. Access to personal data is restricted by role-based controls and multi-factor authentication. Regular security audits and penetration tests ensure vulnerabilities are promptly addressed.
Data Retention
Personal data is retained only as long as necessary to fulfill its original purpose, typically no more than twenty-four months after last activity. After this period, data is either permanently deleted or irreversibly anonymized. Backup copies are purged within ninety days following the end of the active retention period. Retention schedules are reviewed annually and documented upon request.
User Rights
You have the right to access, correct, or delete your personal data at any time. Requests are processed within thirty calendar days in accordance with applicable laws. Data required for legal compliance or dispute resolution may be retained longer but will be anonymized when possible. You may also withdraw any previously granted consents without affecting core service functionality.
Breach Notification
In the event of a confirmed data breach affecting personal information, affected individuals will receive notification within seventy-two hours of breach confirmation. The notification will include details of the breach, data categories involved, and recommended protective measures. Regulatory authorities will be informed as required by law. A full post-incident review will identify improvements for future security.
Anonymization & Aggregation
Direct identifiers (e.g., names, email addresses) are removed or replaced with non-reversible pseudonyms before any analysis or reporting. Aggregated datasets do not contain individual-level information and cannot be traced back to specific users. Anonymized data may be retained indefinitely for statistical research and service improvement. This approach ensures user privacy while enabling valuable insights.
Third-Party Processors
Data is shared only with essential third-party service providers (e.g., hosting, payment processing) under strict data protection agreements. Each processor undergoes regular audits to verify compliance with our privacy standards. No data is shared with advertisers, data brokers, or for marketing purposes. All transfers are logged and auditable upon request.
Policy Updates
This policy is reviewed at least once per year or whenever legal or operational changes occur. Material revisions are communicated via in-service notifications and email at least fourteen days before taking effect. Continued use of the service after the effective date signifies acceptance of those changes. Archived versions remain accessible for transparency.
