Privacy Policy

Introduction

This Privacy Policy outlines how personal information is handled in connection with the service. It applies to all data collected across platforms and interfaces. Your use of the service indicates acceptance of these practices. Updates may occur without direct notice, so please check back periodically.

Information Captured

We collect minimal data, including email, user IDs, device metadata, and log files. No sensitive personal categories are ever requested. Optional preferences and survey data require explicit opt-in. All data-capture points are clearly labeled.

Legal Grounds

Processing is based on contractual necessity for core features, legitimate interest in security, and user consent for optional services. Each processing activity is tied to a specific legal basis. Consent for non-essential processing can be revoked at any time. Core features remain available without optional processing.

Use of Data

Data is used to authenticate users, secure accounts, and provide support. Aggregate, de-identified analytics support performance and feature optimization. Personal data is never shared with advertisers without distinct consent. Any new data uses will be publicly disclosed and require opt-in.

Cookies and Local Storage

Essential cookies maintain login state and security tokens. Non-essential analytics cookies remain inactive until enabled by the user. You may manage or block cookies via your browser at any time. No advertising cookies are deployed without explicit permission.

Security Measures

TLS encryption protects data in transit, and AES encryption protects data at rest. Role-based access controls and multi-factor authentication limit data access. Audit logs record all access attempts and are reviewed regularly. Periodic penetration tests identify and remediate vulnerabilities.

Access & Correction

You may request access to your personal data, correct inaccuracies, or request deletion. Requests are fulfilled within 30 days, subject to legal obligations. Data necessary for compliance or dispute resolution may be retained but anonymized. Confirmation is provided upon completion.

Retention Policy

Personal data is retained no longer than necessary, typically up to 24 months after last use. Archived backups are purged within 90 days following the end of retention. Anonymized data sets may be retained indefinitely for analytics. Detailed schedules are available upon request.

Breach Response

A documented incident response plan governs breach detection, notification, and remediation. Affected users receive notifications within 72 hours of confirmation. Regulatory notifications follow applicable legal timelines. A post-incident review strengthens future security.

Automated Processing

Anonymous data is processed by automated systems for threat detection and capacity planning. Significant automated decisions affecting you will trigger notification and an option for human review. Optional personalization relies on opt-in data only. All automated logic is documented.

Policy Review

This policy is reviewed annually or upon major changes. Material amendments are announced via in-service alerts and email at least 14 days before taking effect. Continued use after the effective date implies acceptance. Archived versions remain available for transparency.