Privacy Policy
Overview
This Privacy Policy explains how personal data is handled when you interact with the platform. It covers collection, processing, use, storage, and disclosure. By using the service, you acknowledge these terms. Periodic review is recommended to stay informed of changes.
Data Collected
We gather only essential personal details (username, email), device metadata, and usage logs for operational purposes. No sensitive categories such as health or financial data are collected. Optional feedback is collected only with explicit consent. All points of data capture are clearly signposted.
Purposes and Lawfulness
Data is processed for authentication, fraud detection, technical support, and service optimization. Legitimate interests and contractual necessity provide legal bases for processing. Separate consent is obtained for marketing communications and advanced analytics. You may withdraw consent at any time.
Minimization and Retention
Collection is limited to data necessary for each defined purpose. Personal data is retained for up to twenty-four months from last activity, then anonymized or deleted. Backup and archival copies follow a ninety-day purge schedule. Retention policies are documented and available upon request.
Cookie Usage
Essential cookies maintain session state and security. Analytics cookies remain disabled by default and can be enabled in user settings. No advertising or profiling cookies are deployed without explicit permission. Browser controls also allow you to block all cookies if desired.
Data Security
All data exchanges use TLS encryption. Data at rest resides in encrypted storage with hardware security modules for key protection. Access is restricted by role and logged for audit purposes. Quarterly security assessments ensure ongoing resilience.
User Access Rights
You may request access to your data, correction of inaccuracies, or permanent deletion of records. Requests are handled within thirty days in compliance with relevant laws. Data subject request forms are available through the support portal. Certain records may be exempt if we are legally required to retain them.
Breach Notification
Confirmed breaches affecting personal data prompt user notifications within 72 hours. Communications include breach details, data categories affected, and mitigation steps. Regulatory notifications follow applicable timelines. A full root-cause analysis is conducted to prevent recurrence.
Automated Systems
Automated processes analyze anonymized data for anomaly detection and recommendation features. Significant automated decisions affecting your rights trigger notification and an option for manual review. Non-critical personalization features are opt-in only. Controls in your privacy dashboard allow you to disable automation.
Third-Party Processors
Data is shared with third-party processors solely for essential services like hosting and payments. All processors sign data protection agreements ensuring compliance. No personal data is shared for marketing or advertising. Disclosures are logged and auditable.
Policy Updates
This policy is reviewed at least annually or when regulations change. Material amendments are announced via in-app message and email at least fourteen days before taking effect. Continued use after the effective date constitutes acceptance. Archived versions remain available for transparency.