Privacy Policy

Effective date: 2026-05-05

This Privacy Policy describes how the App(“we”, “our”, or “us”) collects, uses, and shares information about you when you use the App(the “Service”).

We process personal data as a data controller. Where the General Data Protection Regulation (GDPR) applies, our legal bases for processing are described in each section below.


1. Information we collect

Account information

When you create an account, we collect your email address and, if you sign in via a third-party provider (e.g. Google), your name and profile picture as returned by that provider. We do not store your OAuth access tokens beyond the session.

Usage data

We record actions you take within the Service (e.g. features used, pages visited) and metadata about those actions (timestamps, session IDs). This data is used solely to operate and improve the Service.

Technical data

We automatically receive standard HTTP information when you connect to our servers: your IP address, browser type, operating system, referring URL, and device identifiers. IP addresses are stored in server logs for up to 30 days for security and abuse-prevention purposes.

Content you provide

Any data you enter into the Service (text, files, images) is stored on your behalf. You remain the owner of that content.


2. How we use your information

  • Operate the Service— deliver the features you request, authenticate your identity, and maintain your account. (Legal basis: performance of a contract, GDPR Art. 6(1)(b))
  • Security and fraud prevention— detect and investigate suspicious activity, enforce our Terms of Service, and protect user accounts. (Legal basis: legitimate interests, GDPR Art. 6(1)(f))
  • Service communications — send you transactional emails (account confirmation, password reset, critical service notices). We do not send marketing emails without your explicit opt-in. (Legal basis: legitimate interests / consent)
  • Legal compliance— respond to lawful requests from public authorities and comply with applicable law. (Legal basis: legal obligation, GDPR Art. 6(1)(c))
  • Product improvement — analyse aggregated, de-identified usage patterns to improve the Service. Individual user data is not sold or used for advertising. (Legal basis: legitimate interests)

3. Sharing your information

We do not sell your personal data. We may share it only in the following circumstances:

  • Service providers— vendors who process data on our behalf (e.g. cloud hosting, transactional email delivery). They are bound by data processing agreements and may not use your data for their own purposes.
  • Legal requirements — if required by law, court order, or governmental authority, or to protect the rights, property, or safety of the App, our users, or the public.
  • Business transfers — if we merge with or are acquired by another company, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

4. Your rights

Depending on where you are located, you may have the following rights regarding your personal data:

  • Access (GDPR Art. 15 / CCPA) — request a copy of the personal data we hold about you.
  • Rectification (GDPR Art. 16) — correct inaccurate or incomplete data.
  • Erasure (GDPR Art. 17 / CCPA) — request deletion of your account and associated personal data, subject to retention obligations described below.
  • Portability (GDPR Art. 20) — receive your data in a structured, machine-readable format.
  • Restriction (GDPR Art. 18) — ask us to suspend processing of your data while a dispute is resolved.
  • Objection (GDPR Art. 21)— object to processing based on legitimate interests (e.g. analytics).
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at support@example.com. We will respond within 30 days (GDPR) or 45 days (CCPA). If you believe we have not addressed your request adequately, you have the right to lodge a complaint with your local data protection authority.


5. Retention

We retain your account data for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where retention is required by law (e.g. tax records, fraud-prevention logs). De-identified, aggregated analytics data may be retained indefinitely.


6. Data transfers

The Service is operated from servers located in the United States. If you access it from outside that jurisdiction, your data may be transferred internationally. Where required by GDPR, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the transfer mechanism.


7. Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security. We will notify affected users of any breach as required by applicable law.


8. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, contact us at support@example.com and we will delete it promptly.


9. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or a prominent notice in the Service at least 14 days before they take effect. Continued use of the Service after the effective date constitutes acceptance of the revised policy.


10. Contact

For privacy-related questions or to exercise your rights, contact the App at: support@example.com