Privacy Policy

This Privacy Policy describes how we handle personal data when you interact with our service through any channel. It covers data collection, usage, sharing, retention, and your rights. By using the service, you agree to the terms herein. We recommend reviewing this policy regularly for updates.

We gather only the minimal data needed for account creation and secure access, including username, email, and encrypted password hashes. No health, financial, or similarly sensitive data is ever requested. Users may opt in to optional profile enhancements without affecting basic functionality. All data‑capture activities are transparent and clearly presented.

Usage telemetry includes feature invocation counts, error logs, and session durations. These data points help us detect and resolve issues promptly. Telemetry is aggregated and anonymized for internal reporting; no personal identifiers are retained in long‑term analytics. We purge raw telemetry logs after twelve months.

Core session cookies and secure tokens maintain authentication and protect against session hijacking. Essential cookies cannot be disabled without compromising log‑in capability. You can manually clear cookies at any time, but this forces re‑authentication. No tracking or advertising cookies are used without explicit, separate consent.

All data in transit employs state‑of‑the‑art TLS encryption to prevent interception. Data at rest is protected using AES encryption and isolated storage clusters. Access to stored data is strictly controlled via role‑based permissions and routinely audited. Quarterly penetration tests validate our security defences.

You have the right to request any personal data we hold about you, to correct inaccuracies, and to ask for its deletion. Requests are fulfilled within thirty calendar days in accordance with applicable regulations. Once deleted, data is removed from active systems and scheduled for removal from backups under our disaster‑recovery procedures. Exceptions only apply when retention is legally mandated or necessary for dispute resolution.

Personal data is retained only as long as necessary to provide the service or comply with legal obligations, typically no more than twenty‑four months from the last user interaction. Data beyond that period is irreversibly anonymized or securely destroyed. Retention schedules are assessed annually to ensure compliance with evolving best practices. You may request our detailed retention matrix.

In the event of a data breach, we will notify affected users within seventy‑two hours of confirming unauthorized access. Notifications include breach scope, data types involved, and recommended protective measures. Regulatory authorities are informed as mandated by law. We conduct a comprehensive post‑incident review and strengthen our protocols accordingly.

Automated systems analyze anonymized data for threat detection and capacity planning. Should an automated decision materially affect your account, you will receive notice and can request human review. Non‑essential personalization uses opt‑in profile data only. You may disable all automation features via privacy controls.

We share data with third‑party service providers—such as cloud hosting, payment gateways, and analytics platforms—only to the extent required for them to perform their services. Each provider is subject to confidentiality agreements and regular compliance audits. No data is shared for marketing purposes. All third‑party data transfers are logged for transparency.

This Privacy Policy is reviewed and updated at least annually or whenever legal or business changes occur. Material changes are communicated via in‑app notifications and email at least fourteen days before taking effect. Continued use after the effective date signifies your acceptance. Previous versions remain available upon request.