Made on
Tilda
Privacy Policy
We gather minimal personal information—such as email and username—to create and maintain your account. All other data collection (e.g., device identifiers, preferences) is strictly optional and used only to improve your experience. No financial or sensitive health data is collected without explicit opt‑in. Every field you complete has a clear purpose.
All personal data is stored on servers secured with AES‑256 encryption at rest, and protected with TLS‑1.3 in transit. Access is controlled via role‑based permissions and multi‑factor authentication. Security audits and penetration tests are conducted quarterly. Any security incident triggers our rapid response protocol.
We use session tokens and persistent cookies to manage authentication and remember your last‑used settings. These tokens do not contain personal identifiers. You may revoke or clear them through your browser at any time. Revoking tokens will require you to re‑authenticate.
We do not disclose personal data to advertisers or unrelated third parties. When engaging service providers, we ensure they adhere to privacy standards equal to ours through binding contractual obligations. All data transmissions to partners utilize secure channels. Breaches by partners lead to immediate contract termination.
Statistical reports based on anonymized data may be shared with trusted research entities. Such reports exclude any identifiers and are aggregated to prevent deanonymization. Partners are vetted for strong data governance practices. Your individual identity remains shielded.
You may access your personal data and obtain a copy in machine-readable format by submitting a request via the support center. We fulfill requests within 30 days of verifying your identity. The response includes data sources, processing operations, and retention periods. Any errors identified can be corrected at your request.
You have the right to portability and may request a transfer of your data to another service provider. Portability requests are processed within 14 business days, assuming technical feasibility. Some complex data types may require additional handling time. We will inform you of any limitations upfront.
You may ask for deletion of your account and personal data. Verified deletion requests are completed within 14 business days, except for data we are legally required to retain. Such data is archived with limited access, only for compliance purposes. We will notify you of any retention obligations.
In case of a confirmed security breach, we commit to notifying affected users and regulatory authorities within 72 hours. The notice will include breach details, data categories affected, and recommended mitigation steps. Our incident response team will perform a root‑cause analysis. A summary of findings and corrective actions will be publicly shared.
Updates to this Privacy Policy take effect upon posting, with the “Last Updated” date indicating the current version. Significant changes will be communicated directly, and you may be asked to reconfirm your consent. Continued use implies acceptance of the revised terms. Previous versions remain available upon request.
Our services are not intended for those under 16 without parental consent. We do not intentionally collect data from individuals under 16. If such data is discovered, it will be deleted immediately. Parents or guardians can request removal of minor data at any time.