Privacy Policy
Applicability
This policy applies to all personal information collected, processed, and stored in connection with use of the service, including web interfaces, mobile apps, and any integrated third-party components. Continued interaction—whether browsing, registering, or submitting content—constitutes agreement with these terms.
Data Collected
Only information essential to operation and support is gathered: unique user identifiers, device and browser metadata, timestamps of access, and basic user preferences. No sensitive categories (health, biometrics, finances) are requested or recorded.
Purpose Limitation
All collected data serve to:
Authenticate and authorize legitimate users
Monitor system health and performance
Diagnose errors and improve reliability
Tailor non-critical guidance or tooltips
Any secondary use requires clear advance notice and affirmative consent.
Consent and Transparency
Where optional data (e.g., feature-use surveys) is requested, explicit opt-in is required. Consent prompts are self-contained, succinct, and link directly to this policy. Users retain the right to withdraw consent at any time through clearly labelled account settings.
Data Retention
Logs and usage records are retained for up to 18 months for troubleshooting and analytics. After this period, personal identifiers are irreversibly purged, leaving only aggregated, anonymized metrics. Retention durations are periodically reviewed in line with best practices.
Anonymization Strategy
Before any analytical process, direct identifiers are removed or replaced with irreversible hashes. Aggregated reports never contain individual-level data. Backup copies adhere to the same anonymization protocols, ensuring that no residual personal information persists beyond retention thresholds.
Essential Tracking Technologies
Only core cookies and minimal diagnostic scripts are active by default. Performance-enhancing or usage-analytics scripts remain dormant unless activated by user choice. A plain-language cookie notice appears on first access, with one-click controls for enabling or disabling non-essential trackers.
Security Framework
In Transit: Enforced TLS encryption.
At Rest: Data store encryption using AES-256.
Access Control: Role-based permissions, audit-logged and rotated quarterly.
Incident Drills: Annual tabletop exercises validate readiness.
User Access & Correction
Users may request a full extract of their personal data, request corrections of inaccuracies, or instruct permanent deletion of non-anonymized records. All such requests must be submitted via the support interface and are completed within 30 calendar days, barring exceptional legal constraints.
Incident Notification
Any confirmed data breach triggering risk to individuals will prompt notification to affected parties within 72 hours. Communications will outline breach scope, remedial actions taken, and recommendations for user risk mitigation.
Policy Updates and Versioning
This document is version-controlled, with each revision dated. Material changes are announced via in-service alerts at least 14 days before enactment. Non-material edits take effect immediately and are reflected in the version history.