Privacy Policy

Applicability

This policy applies to all personal data collected, processed, or stored in connection with the service across web, mobile, and APIs. It outlines collection, usage, retention, and deletion practices. Continued use indicates acceptance of these terms. Please review periodically for updates.

Data Types Collected

We collect only non‑sensitive personal data—email, username, IP address, device metadata, and usage logs. Collection occurs via user inputs (e.g., signup) and automated tracking (cookies, server logs). Sensitive categories are never requested. Each data‑collection point clearly states its purpose.

Purpose of Collection

Collected data is used to authenticate users, maintain security, and provide support services. Aggregate, anonymized metrics guide system performance and new feature development. No personal data is used for unsolicited marketing without separate opt‑in. Any new processing purpose will require consent.

Cookies & Local Storage

Essential cookies support core functionality such as login sessions and security. Non‑essential analytics cookies remain disabled until you opt in. Third‑party advertising cookies are never deployed without explicit permission. You may block or delete cookies via your browser.

Security Practices

Data in transit is protected using TLS encryption. Data at rest is encrypted with strong algorithms and stored in secure environments. Access controls enforce least‑privilege and multi‑factor authentication. Routine vulnerability scans and security audits ensure protections.

Retention Policy

Personal data is retained only as long as necessary—typically no more than 24 months after last user activity. After retention expiry, data is securely deleted or anonymized. Backups are purged within 90 days of expiration. Retention schedules are reviewed annually.

User Rights

You have the right to access, correct, or delete your personal data at any time. Requests are handled within 30 days, subject to legal constraints. Data required for compliance or dispute resolution may be retained in anonymized form. You may withdraw consent for optional features without affecting core services.

Breach Notification

In the event of a confirmed data breach, affected users will be notified within 72 hours of verification. Notifications include breach nature, categories of data involved, and recommended protective steps. Regulatory authorities will be informed in compliance with law. A post‑incident review will inform future safeguards.

Automated Processing

Automated systems may analyze anonymized data for threat detection or resource planning. Decisions that materially affect your account will trigger notification and an option for human review. Non‑critical personalization features operate only with your explicit consent. All automated processes are documented and auditable.

Third‑Party Processors

Data is shared only with essential third‑party providers (e.g., hosting, payment gateways, email services) under strict data protection agreements. Providers undergo regular compliance audits. No personal data is shared with marketers or data brokers without separate consent. All transfers are logged.

Policy Changes

This policy is reviewed at least once per year or upon major legal or operational changes. Material updates are communicated via email and in‑service notifications at least 14 days before they take effect. Continued use after the effective date signifies acceptance. Archived versions remain accessible.