Privacy Policy

Applicability

This Privacy Policy applies to all personal data collected when interacting with the service. It covers data capture, usage, retention, and deletion practices. Continued use indicates acceptance of these terms. Please review periodically for any updates.

Data Collected

Only non-sensitive personal data—such as username, email, and usage logs—is collected. No health, financial, or biometric data is ever requested. Optional profile details and feedback surveys require explicit opt-in. Each collection point is accompanied by a clear purpose statement.

Purpose of Collection

Data supports authentication, account management, and technical support. Aggregate analytics guide performance optimization and feature planning. Personal data is never shared with advertisers without distinct consent. Any new data uses are publicized and opt-in only.

Consent & Choices

Optional data processing—such as personalized suggestions and advanced analytics—requires clear, separate consent. You may withdraw consent at any time via account settings. Withdrawal only affects future processing and does not retroactively delete data. Essential processing continues unaffected.

Session & Cookies

Essential cookies maintain session continuity and security tokens. Non-essential cookies for analytics remain inactive until you enable them. Browser controls allow you to block or clear cookies. No third-party trackers are deployed without explicit consent.

Security Framework

All data in transit is encrypted via HTTPS/TLS. Data at rest uses AES-256 encryption with secure key management. Access controls enforce least-privilege and require multi-factor authentication. Routine security audits and scans maintain a robust defense.

Rights to Access

You can request access to your personal data, correct inaccuracies, or delete data. Requests are handled within 30 calendar days, subject to legal requirements. Deleted data is purged from active and backup storage where feasible. Confirmation is provided upon request fulfillment.

Retention & Deletion

User data is retained only as long as necessary, typically up to 24 months after last activity. Archived backups are purged within 90 days of retention expiration. Anonymized datasets may be kept indefinitely for research. Detailed retention schedules are available upon request.

Breach Notification

In case of a confirmed breach involving personal data, notifications will be sent within 72 hours. Notifications will explain the breach scope, involved data types, and recommended actions. Required regulatory notifications will be made promptly. A comprehensive post-incident review will follow.

Third-Party Sharing

Data is shared only with essential service providers under strict data protection agreements. No personal data is shared for marketing or advertising. All third-party transfers are logged and auditable. Providers are regularly audited for compliance.

Policy Updates

This policy is reviewed and updated at least annually or as required by law. Material changes are announced at least 14 days before they take effect via in-service notices and email. Continued use after the effective date implies acceptance. Prior versions remain accessible for transparency.