Privacy Policy

1. Introduction and Acceptance

This Privacy Policy ("Policy") describes how this website ("we", "us", "our", or "the Site") collects, uses, discloses, and protects personal information obtained from users ("you", "your", or "User") of our web application and related services (collectively, the "Services"). By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with this Policy, please do not use our Services.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide when you:

• Create an Account: Username, email address, password (stored in encrypted/hashed form), first name, and last name.
• Update Your Profile: Any additional information you choose to provide in your user profile.
• Contact Us: Name, email address, and any information contained in communications you send to us.
• Use Our Services: Any content, files, or data you submit, post, or upload through the Services.

2.2 Information Collected Automatically

When you access our Services, we automatically collect certain technical information, including:

• Device Information: IP address, browser type and version, operating system, device type, and unique device identifiers.
• Usage Data: Pages visited, time and date of visits, time spent on pages, login times, clickstream data, and other analytics regarding your use of the Services.
• Cookies and Similar Technologies: We use session cookies, authentication tokens, and similar tracking technologies. See Section 6 for more details.
• Log Files: Server logs that may include IP addresses, browser types, Internet Service Provider (ISP), referring/exit pages, and timestamps.

2.3 Information from Third Parties

We may receive information about you from third-party sources, such as service providers, business partners, or publicly available sources, which we may combine with other information we have collected about you.

3. How We Use Your Information

We use the collected information for legitimate business purposes, including:

• Service Provision: To create and manage your account, authenticate users, provide access to Services, and fulfill our contractual obligations.
• Communications: To send transactional emails (account verification, password resets, system notifications), respond to inquiries, and provide customer support.
• Service Improvement: To analyze usage patterns, troubleshoot technical issues, enhance functionality, and develop new features.
• Security and Fraud Prevention: To detect, prevent, and address security incidents, fraudulent activity, unauthorized access, and violations of our Terms of Service.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests.
• Business Operations: To maintain records, conduct internal analytics, perform administrative functions, and enforce our policies.
• Marketing (with consent): To send promotional materials and updates about our Services, where you have provided consent or where permitted by law. You may opt out at any time.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal bases for processing your personal information include:

• Contractual Necessity: Processing is necessary to perform our contract with you (providing Services).
• Legal Obligation: Processing is required to comply with applicable laws and regulations.
• Legitimate Interests: Processing is necessary for our legitimate business interests, such as security, fraud prevention, and service improvement, provided these interests do not override your fundamental rights.
• Consent: You have provided explicit consent for specific processing activities, which you may withdraw at any time.

5. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:

5.1 Service Providers

We may share information with trusted third-party service providers who perform services on our behalf (e.g., hosting, email delivery, analytics, payment processing). These providers are contractually obligated to use your information only for the purposes we specify and to maintain appropriate security measures.

5.2 Legal Requirements and Protection

We may disclose your information when we believe in good faith that disclosure is necessary to:

• Comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
• Enforce our Terms of Service, including investigation of potential violations.
• Detect, prevent, or address fraud, security, or technical issues.
• Protect the rights, property, or safety of our organization, our users, or the public as required or permitted by law.

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal information may be transferred to the successor entity. You will be notified via email and/or prominent notice on our website of any such change in ownership or control.

5.4 With Your Consent

We may share your information with third parties when you have provided explicit consent for such sharing.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, maintain sessions, analyze usage, and improve our Services. Cookies are small text files stored on your device.

Types of Cookies We Use:

• Essential Cookies: Necessary for authentication and basic functionality. These cannot be disabled without affecting service operation.
• Functional Cookies: Remember your preferences and settings.
• Analytics Cookies: Help us understand how users interact with our Services.

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our Services. Our cookies expire after 24 hours of inactivity for security purposes.

7. Data Security

We implement and maintain reasonable administrative, technical, and physical security measures designed to protect your personal information against unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption of passwords using industry-standard hashing algorithms.
• Use of secure database connections and prepared statements to prevent SQL injection.
• Session-based authentication with automatic expiration.
• Regular security assessments and updates.
• Access controls limiting employee access to personal information.
• Protection of configuration files from direct web access.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Retention periods depend on the nature of the information and the purposes for which it is processed:

• Account Information: Retained while your account is active and for a reasonable period thereafter to comply with legal obligations.
• Usage Data and Logs: Typically retained for security and analytical purposes and deleted in accordance with our data retention schedule.
• Communication Records: Retained for customer service and legal compliance purposes.

When we no longer have a legitimate business need to process your information, we will delete or anonymize it in accordance with applicable laws.

9. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request access to your personal information and obtain a copy of the data we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your account and associated personal information.
• Data Portability: Request a copy of your personal information in a structured, commonly used, machine-readable format.
• Opt-Out: Unsubscribe from marketing communications at any time.
• Restriction of Processing: Request restriction of processing under certain circumstances.
• Object to Processing: Object to processing based on legitimate interests or for direct marketing purposes.
• Withdraw Consent: Withdraw consent at any time where processing is based on consent (without affecting prior processing).
• Lodge a Complaint: File a complaint with your local data protection authority or relevant regulatory body.
• Non-Discrimination: Exercise privacy rights without discriminatory treatment.

Important Disclosure: We do not sell, rent, or trade your personal information. We do not engage in targeted advertising using your personal data or profiling for automated decision-making that produces legal or similarly significant effects.

To exercise any of these rights, please contact us. We may require verification of your identity before processing your request. We will respond to verified requests within the timeframe required by applicable law (typically 30-45 days).

10. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your country of residence, which may have different data protection laws. When we transfer personal information internationally, we implement appropriate safeguards to ensure your information remains protected in accordance with this Privacy Policy and applicable laws, such as Standard Contractual Clauses approved by the European Commission.

11. Children's Privacy

Our Services are not directed to individuals under the age of 16 (or the applicable age of majority in their jurisdiction). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information. If you believe a child has provided personal information to us, please contact us immediately.

12. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by us. This Privacy Policy applies only to our Services. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services before providing them with personal information.

13. Do Not Track Signals

Some browsers support "Do Not Track" (DNT) signals. Our Services do not currently respond to DNT signals or similar mechanisms. We will continue to monitor developments in this area.

14. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. When we make material changes, we will notify you by updating the "Effective Date" at the top of this Policy and, where appropriate, provide additional notice (such as via email or a prominent notice on our website). Your continued use of the Services after any changes become effective constitutes acceptance of the revised Privacy Policy. We encourage you to review this Policy periodically.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us. We will make reasonable efforts to respond to all legitimate requests within the timeframe required by applicable law.

16. Data Protection Officer

If required by applicable law, we have appointed a Data Protection Officer (DPO) who can be contacted regarding data protection matters.