Privacy Policy

Applicability

This policy applies whenever personal or device data is exchanged with the service. It covers collection, processing, sharing, and protection measures. Your use of the service implies consent to these practices. Updates may be made without explicit notice, so please check periodically.

Data Minimization

Only data strictly necessary for service delivery—usernames, session tokens, and error logs—is collected. No health, financial, or other sensitive data is ever requested. Optional feedback and preferences require separate, explicit opt-in. All collection points are clearly labeled.

Primary Purposes

Data supports authentication, fraud prevention, and system diagnostics. Aggregate metrics guide performance tuning and feature development. Personal information is not used for advertising without separate consent. Any new processing purposes require clear user notification.

User Controls

A privacy dashboard enables you to manage consents, view collected data, and initiate deletion requests. Changes take effect immediately for future data processing. Previously collected data remains subject to retention policies. Your control panel also provides export and correction options.

Security Measures

Data in transit uses TLS encryption, while data at rest is secured with AES encryption. Access controls enforce least-privilege principles and require multi-factor authentication. Continuous monitoring and logging detect unauthorized activity. Routine penetration tests validate our defenses.

Data Retention

Personal data is held no longer than required for its original purpose, normally up to twenty-four months post-activity. Backups are purged within ninety days after active retention expires. Anonymized logs may be kept for trend analysis indefinitely. Details of retention schedules are available upon request.

User Rights

You have the right to access, correct, and delete your personal data at any time. Requests are processed within thirty days, subject to legal obligations. Deleted records are removed from active and archival storage. Certain anonymized logs may remain for historical analysis.

Breach Notification

Confirmed data breaches trigger notifications to affected individuals within seventy-two hours of discovery. Notifications include incident details, data affected, and recommended next steps. Authorities are notified as required by applicable law. A comprehensive post-incident review follows.

Third-Party Sharing

Data is shared only with essential service providers under strict confidentiality and security agreements. Processors are audited regularly to ensure compliance. No data is provided to marketers or data brokers. All third-party transfers are logged and auditable upon request.

Automated Decisions

Automated systems analyze anonymized data for threat detection and resource optimization. Automated decisions that materially affect your account status will trigger a notification and an option for human review. Optional personalization features are opt-in only. Documentation of automated logic is available for oversight.

Policy Updates

This policy is updated at least once annually or upon major legal changes. Significant amendments are communicated via in-service notices and email at least fourteen days before enforcement. Continued use after the effective date implies acceptance. Archived versions remain accessible for transparency.