Privacy Policy

Scope

This policy applies to all personal information collected when you use the service via web, mobile, or API. It describes how data is gathered, processed, stored, and protected. Continued use signifies acceptance of these practices. Please review periodically for updates.

Data Collection

We collect only data necessary for core functionality: email address, user ID, device information, and usage logs. Data is obtained through user inputs and automated means (cookies, server logs). Sensitive categories (health, financial, biometric) are never requested. Each collection point clearly states its purpose.

Usage

Collected data is used to authenticate users, maintain security, and troubleshoot issues. Aggregated, anonymized metrics guide performance improvements and feature development. Personal data is never sold or rented to third parties. Any new uses will require your explicit opt‑in.

Cookies

Essential cookies support login sessions and security tokens. Non‑essential analytics cookies remain disabled until you enable them. No third‑party advertising cookies are deployed without separate consent. You may manage cookie preferences in your browser at any time.

Security

All personal data in transit uses industry‑standard encryption (e.g., TLS). Data at rest is encrypted with strong algorithms (e.g., AES‑256) and stored on secure servers. Internal access is limited by role‑based controls and multi‑factor authentication. Regular audits and penetration tests ensure ongoing protection.

Retention

We retain personal data only as long as needed—typically no more than 24 months from last use. After that period, data is securely deleted or irreversibly anonymized. Backups are purged within 90 days of expiration. Retention schedules are reviewed annually.

User Rights

You may request access to, correction of, or deletion of your personal data at any time. Requests are processed within 30 days, subject to legal requirements. Data required for compliance or dispute resolution may be retained in anonymized form. You can also withdraw consent for optional processing.

Breach Notification

In the unlikely event of a data breach, affected individuals will be notified within 72 hours of confirmation. Notifications include the breach’s nature, data categories involved, and recommended actions. Regulatory authorities will be informed as required by law. A post‑incident review will guide improvements.

Anonymization

Direct identifiers are removed or replaced with pseudonyms before any analysis. Aggregated datasets contain no individual‑level details and cannot be traced back. Anonymized data may be retained indefinitely for research and performance monitoring. This preserves privacy while enabling insights.

Third‑Party Processors

We share data only with essential third‑party providers (e.g., hosting, payments, email). Each processor is bound by strict data protection agreements and regular audits. No data is shared with advertising networks without your explicit consent. All disclosures are logged and auditable.

Policy Updates

This policy is reviewed annually or upon significant changes. Material updates are communicated via email and in‑service notifications at least 14 days before taking effect. Continued use after the effective date signifies acceptance. Archived versions remain accessible for transparency.