Privacy Policy

Applicability

This policy applies to all personal data collected, processed, or stored in connection with the service, including web, mobile, and API interactions. It governs collection methods, processing purposes, storage, and user rights. Continued use indicates acceptance. Please review for updates regularly.

Data We Collect

We collect only non-sensitive data necessary for core operations: email, user ID, IP address, device type, and activity logs. Data is gathered through explicit user inputs and automatically via cookies and server logs. No health, financial, or biometric data is ever requested. Each collection point clearly states its purpose.

Processing Purposes

Collected data is used to authenticate sessions, ensure security, and provide support. Aggregate, anonymized analytics help improve performance and guide feature development. No personal data is sold or shared with advertisers without separate consent. New processing use cases will be disclosed and require opt-in.

Legal Basis

Processing is based on contractual necessity for service delivery, legitimate interests for security, and explicit user consent for optional features. Each data use is tied to a specific legal basis. Consent for non-essential processing can be revoked at any time. Core service functions remain unaffected.

Cookies & Tracking

Essential cookies maintain session integrity and security tokens. Non-essential analytics cookies remain inactive until you enable them. Third-party advertising cookies are never deployed without explicit permission. You may manage or block cookies through your browser or account settings.

Security Measures

Data in transit is encrypted using TLS to prevent eavesdropping. Data at rest is encrypted with robust algorithms (e.g., AES-256) and stored in secured environments. Access is limited by role-based permissions and two-factor authentication. Regular security audits and penetration tests ensure ongoing protection.

User Rights

You have the right to access, correct, or delete your personal data at any time. Requests are processed within thirty days, subject to legal requirements. Data required for compliance or dispute resolution may be retained in anonymized form. You may also withdraw consent for optional processing.

Retention Policy

Personal data is retained only as long as necessary—typically no more than 24 months from the date of last activity. After that, data is securely deleted or irreversibly anonymized. Backups are purged within 90 days after the retention period ends. Detailed retention schedules are available upon request.

Breach Notification

In the unlikely event of a data breach affecting personal information, affected users will be notified within 72 hours of verification. Notifications will include the breach’s nature, categories of data involved, and recommended mitigation steps. Regulatory authorities will be informed as required. A thorough post-incident review will enhance future safeguards.

Automated Decision-Making

Automated systems may analyze anonymized data to detect threats or optimize resources. Any automated decision materially affecting your account will prompt notification and an option for human review. Optional personalization features operate only with explicit consent. All automated processes are documented for transparency.

Policy Updates

This policy is reviewed at least annually or upon significant legal or operational changes. Material revisions are communicated via in-service notices and email at least 14 days before taking effect. Continued use of the service after the effective date signifies acceptance. Archived versions remain accessible for transparency.