Privacy Policy

Overview

This Privacy Policy outlines how personal data is collected, processed, and protected when you use the service. It applies universally to web, mobile, and API interactions. By using the service, you agree to the practices described herein. Periodic review of this policy is recommended for continued awareness.

Data We Collect

We collect only essential personal data such as email addresses, usernames, device information, and performance logs. Sensitive data categories (health, financial, biometric) are never requested. Optional data (e.g., preferences, feedback) is collected only with explicit user consent. All data-collection points clearly state their intended use.

Purpose & Use

Personal data is used to authenticate users, maintain security, and provide customer support. Aggregated, anonymized data guides infrastructure improvements and feature development. We do not share personal data with advertisers or data brokers without separate opt-in. Any new processing purposes will be clearly communicated and require explicit consent.

Cookies & Tracking

Essential cookies support core functionality such as login sessions and security tokens. Optional analytics cookies are disabled by default and can be enabled via user settings. No third-party advertising cookies are deployed without explicit permission. Cookie controls are accessible through your browser or account dashboard.

Data Security

Data in transit is secured by encryption protocols (e.g., TLS) to prevent interception. Data at rest is protected with strong encryption (e.g., AES-256) and stored in secure environments. Access is restricted to authorized personnel using multi-factor authentication and least-privilege principles. Regular security audits and vulnerability assessments validate our protections.

Retention & Deletion

Personal data is retained only as long as necessary, typically no more than twenty‌-four months after last activity. Backups are purged within ninety days after the active retention period. Anonymized datasets may be retained indefinitely for research and analytics. A detailed retention schedule is available upon request.

User Rights

You have the right to access, correct, or delete your personal data at any time. Requests are processed within thirty calendar days, subject to legal requirements. Data essential for compliance or dispute resolution may be retained but anonymized. You may also withdraw any previously given consent without affecting essential services.

Breach Notification

In the event of a confirmed data breach, affected users will be notified within seventy‌-two hours. Notifications will describe the breach’s nature, data categories involved, and recommended protective measures. Regulatory authorities will be informed as required by law. A thorough post-incident review will guide improvements.

Automated Processing

Automated systems may analyze anonymized data to detect threats or optimize resources. Any automated decision that materially affects your account will trigger a notification and an option for human review. Optional personalization features rely solely on opt-in data. All automated processes are documented and subject to audit.

Third-Party Sharing

Data is shared only with essential third-party processors under strict data protection agreements. Each processor is vetted and audited regularly for compliance. No personal data is shared for marketing or advertising purposes. All third-party transfers are logged and available for audit upon request.

Policy Updates

This policy is reviewed at least once per year or whenever significant legal or operational changes occur. Material revisions are communicated via in-service messages and email at least fourteen days before taking effect. Continued use after the effective date signifies acceptance. Archived versions remain accessible for transparency.