Privacy Policy

Applicability

This policy applies to all personal information collected, used, or stored through any interaction with the service. It outlines collection methods, processing purposes, storage practices, and user rights. Continued use indicates acceptance. Please review periodically for updates.

Information Collected

We gather only non‑sensitive data needed for service delivery: email, username, IP address, device metadata, and activity logs. Data is collected via user inputs and automatically via cookies and server logs. Sensitive categories are never requested. Each collection point clearly states its purpose.

Legal Basis

Processing is based on contractual necessity for providing the service, legitimate interests in security and improvement, and explicit consent for optional features. Each data use is tied to a legal basis. Consent can be revoked at any time without affecting core functions. Core processing remains lawful.

Use of Data

Personal data is used to authenticate sessions, secure accounts, and provide support. Aggregated, anonymized metrics inform performance tuning and feature development. No personal data is used for marketing without separate opt‑in. Future processing changes will be communicated clearly.

Cookies & Local Storage

Essential cookies maintain session state and security tokens. Analytics cookies remain disabled until you enable them. Third‑party tracking cookies for advertising are never deployed without approval. Browser settings allow you to block or delete cookies.

Data Security

All data exchanges use encryption (e.g., HTTPS/TLS). Data at rest is encrypted with robust algorithms and stored in secured environments. Access is restricted by role and multi‑factor authentication. Regular security assessments and penetration tests are conducted.

User Rights

You may access, correct, or delete your personal data via your account settings or support portal. Requests are processed within 30 days, subject to legal limitations. Data needed for compliance or dispute resolution may be retained in anonymized form. You can obtain a portable copy of your data.

Retention & Deletion

Personal data is retained only as long as necessary, typically no more than 18 months from last use. After that, data is deleted or anonymized. Backups are purged within 90 days following active retention. Detailed retention schedules are available on request.

Breach Procedures

In the case of a confirmed breach, affected users will be notified within 72 hours of verification. Notifications will outline breach details, data categories, and steps for mitigation. Authorities will be informed as required by law. A post‑incident review will enhance resilience.

Automated Processing

Automated systems may analyze anonymized data for anomaly detection and capacity planning. Significant automated decisions affecting your rights will trigger notification and an option for human review. Non‑critical personalization features are opt‑in only. All algorithmic processes are documented.

Policy Revision

This policy is reviewed annually or upon significant legal and operational changes. Material updates are announced via email and in‑service notifications at least 14 days before enforcement. Continued service use after the effective date signifies acceptance. Previous versions remain accessible.