Privacy and Data Protection Policy
Our commitment to your data rights under GDPR standards – transparent, user-focused, and respectful of your choices.
Privacy at a Glance - Plain Language Summary
This is a simplified summary of our Privacy Policy. For complete details, please read the full policy below. This summary is not a legal document but aims to help you understand our privacy practices in plain language.
We collect information you provide (account details, questions, messages) and technical data (device info, usage patterns) needed to operate our services. We don't collect more than necessary.
We use your data to deliver AI and tarot services, improve features, ensure security, and communicate with you. We never sell your data to third parties.
You can turn Private Mode ON (no storage) or OFF (store your history). Delete your data anytime. Manage cookie preferences. Analytics cookies are off by default until you consent.
We use AI models to generate responses. Your prompts are anonymized before processing. We do NOT use your inputs for AI training. AI outputs are for entertainment/information only, not professional advice.
Saved content is kept while your account is active, up to 1 year by default. After 2 years of inactivity, we'll review and may delete unless you opt to keep it. Backups retained up to 90 days. You can delete anytime.
You can access, correct, delete, or export your data. Withdraw consent anytime. We respond within 30 days. Use the form in this policy or email [email protected].
We use encryption, access controls, and regular security checks. We share data only with trusted processors under strict contracts. Your data is protected.
You must be 16 or older to use our services. If under 16, parental consent is required. We verify age and may restrict features for minors.
We use necessary cookies to operate the service. Analytics cookies are disabled by default; you must opt in. You can change preferences anytime.
Important Note: This summary is for your convenience. The full Privacy Policy below is the legally binding document. If there's any conflict between this summary and the full policy, the full policy takes precedence.
Scope and Who We Are
This Privacy and Data Protection Policy explains how AskCard ("we", "us", "our") processes personal data when you use our websites, applications, and AI-assisted tarot services (the "Services").
Data Controller: AskCard is the data controller responsible for your personal data. We can be reached at [email protected].
Our Commitment: We voluntarily align our practices with the General Data Protection Regulation (GDPR) standards, regardless of where you are located. This demonstrates our commitment to privacy best practices and data protection principles.
Scope: This Policy applies to all users globally. It does not cover third-party services, payment processors, or external platforms you may access through our Services – those are governed by their own policies.
User Preferences vs. Privacy Policy: Please note that UI/UX preferences such as tarot deck style, reading style, language settings, theme preferences, and similar customization options are separate from privacy settings. These preferences are stored as part of your account settings and are covered by this Privacy Policy, but are managed separately in your User Preferences page (accessible through your account settings). This Privacy Policy focuses on data protection and privacy rights, not UI customization options.
Contact: For any questions about how we handle your personal data, please contact [email protected].
Key Definitions
- Personal data: Any information relating to an identified or identifiable natural person.
- Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
- Data controller: The entity that determines the purposes and means of processing personal data (AskCard).
- Data processor: A third party that processes personal data on our behalf under our instructions.
- Consent: A freely given, specific, informed, and unambiguous indication of your wishes.
- Special category data: Sensitive data such as health, religious beliefs, or biometric data.
- Private Mode: A privacy-enhanced setting that can be turned ON or OFF. When Private Mode is ON, your prompts and results are not stored to your account.
Data We Collect
Information You Provide Directly
- Account information: Name, email address, password (stored as secure hashes), user preferences
- Content and inputs: Questions, prompts, chat messages, tarot-related inputs (such as birth information if you choose to provide it), uploaded files
- Communications: Messages you send to our support team
Information We Collect Automatically
- Technical data: IP address, browser type and version, device type, operating system, unique device identifiers
- Usage data: Pages visited, features accessed, interaction patterns, session duration, timestamps
- Performance data: Error logs, diagnostic data, system performance metrics
- Cookies and similar technologies: Session identifiers, preference settings, authentication tokens
Special Note on Sensitive Data - Health, Financial, and Other Sensitive Topics
Important Disclaimer: Our Services include features that may involve topics related to health ("Health Ask"), finance ("Finance Ask", "Money Forecast", "Wealth Guide"), employment ("Job Ask", "Job Fit", "Career Promote Ask"), relationships, and other sensitive areas. If you voluntarily submit questions or information relating to health, medical conditions, financial decisions, legal matters, or other topics requiring professional expertise, you acknowledge that:
- NOT Professional Advice: Our Services do NOT provide medical, legal, financial, psychological, or any other form of professional advice. AI-generated content and tarot readings are for informational and entertainment purposes only
- No Substitute for Professional Consultation: You should never use our Services as a substitute for professional medical, legal, financial, or psychological consultation
- Your Responsibility: You are solely responsible for evaluating any information provided and seeking appropriate professional advice when making important decisions
We do not actively seek or require special category data (also known as sensitive personal data under GDPR Article 9). However, certain features may collect information that could be considered sensitive. Key points regarding sensitive data:
Types of Sensitive Data We May Collect (By Feature):
- Health-Related Features (e.g., "Health Ask"): When using health-related features, you may voluntarily provide:
  - Health concern types (prevention, current symptoms, chronic conditions, family history, recovery status)
  - Body systems or organs of concern (heart, lungs, liver, kidneys, digestive, brain, nervous system, bones, joints, skin, reproductive, immune, blood, whole body)
  - Current medications (including traditional/herbal medicine)
  - Energy levels, sleep quality, stress levels
  - Any health-related information you choose to include in free-text questions or prompts
- Financial-Related Features (e.g., "Money Forecast", "Wealth Guide", "Investment Strategy"): When using financial features, you may voluntarily provide:
  - Current financial status and income stability
  - Financial goals, income expectations, and wealth intentions
  - Major expenses and financial concerns
  - Investment interests, risk tolerance, and wealth-building activities
  - Money mindset and financial intuition
  - Any financial information you choose to include in free-text questions or prompts
- Employment-Related Features (e.g., "Job Fit", "Career Promote Ask", "Job Change Advice"): When using employment features, you may voluntarily provide:
  - Job titles, current occupation, and career information
  - Resume impressions, potential levels, and perceived weaknesses
  - Company culture preferences and team dynamics
  - Career cycles, hiring urgency, and decision confidence
  - Any employment-related information you choose to include in free-text questions or prompts
- Other Sensitive Topics: You may also voluntarily provide information about relationships, personal beliefs, family situations, or other sensitive topics through free-text questions or prompts in various features
How We Handle Sensitive Data:
- Definition: Special category data includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for unique identification, health data, or data concerning a person's sex life or sexual orientation.
- Voluntary disclosure: All sensitive information is provided voluntarily by you when using our Services. We do not require you to provide sensitive data, but you may choose to include it in your inputs when using features like "Health Ask", "Money Forecast", "Wealth Guide", "Job Fit", or other specialized features.
- Extra Caution for Sensitive Topics: If you submit questions about health, medical conditions, financial decisions, legal matters, or other sensitive topics, we treat this data with extra caution:
  - We apply enhanced security measures and access controls
  - We minimize data retention for sensitive topics where possible
  - We provide clear warnings that responses are not professional advice
  - We recommend turning Private Mode ON for particularly sensitive queries
  - We do not share sensitive data with AI providers beyond what is necessary for generating responses (see AI section for details)
- Legal basis: If you do choose to share special category data, we process such information based on your explicit consent (GDPR Art. 9(2)(a)) or because you have manifestly made it public (GDPR Art. 9(2)(e)).
- Security protections: We apply enhanced security and privacy protections to special category data, including additional encryption layers, stricter access controls, and data minimization practices.
- Data minimization: We only collect the sensitive information you choose to provide. You are not required to fill in all optional fields, and you can use generic terms or avoid specific details if you prefer greater privacy.
- Recommendation: We strongly recommend that you carefully consider whether sharing sensitive personal information is necessary for the service you are requesting, and we encourage you to minimize the disclosure of such data whenever possible. For sensitive topics, consider turning Private Mode ON to avoid long-term storage.
- Your rights: You have the right to withdraw your consent for processing special category data at any time, and you can request deletion of such information in accordance with your GDPR rights.
- Contact: If you have concerns about how we handle sensitive data or wish to exercise your rights regarding such information, please contact us at [email protected].
How We Use Your Data
We process your personal data for the following purposes:
- Service delivery: To provide, operate, and deliver the AI and tarot services you request
- Personalization: To customize your experience based on your preferences and settings
- Communication: To respond to your inquiries and send service-related notifications
- Security and integrity: To detect, prevent, and address fraud, abuse, security threats, and violations of our terms
- Service improvement: To analyze usage patterns, fix bugs, develop new features, and enhance performance
- Legal compliance: To fulfill legal obligations and respond to lawful requests from authorities
AI and Tarot Processing Disclosures
AI Model Processing: We use artificial intelligence models (our own and carefully selected third-party providers) to generate responses, readings, and insights based on your inputs.
External AI Model Providers
We use Google Gemini AI models (specifically Gemini 2.5-3 and related versions) for generating responses, readings, and insights. We select AI providers based on their data protection standards, privacy commitments, and ability to process data in compliance with GDPR requirements. The specific model versions may be updated over time as we optimize our services, but we will maintain the same privacy protections and data handling practices.
User Input and Model Training
We do NOT use your user inputs or prompts for model training. When we send your prompts to third-party AI providers:
- We explicitly opt out of any training data usage programs where available
- We configure API settings to prevent your content from being used for model improvement or training
- We use enterprise/API tiers that exclude data from training by default
- Your prompts are processed only for generating your immediate response and are not retained by the AI provider for training purposes
Data Transmission to AI Providers - Detailed Technical Annex
When sending your prompts and data to external AI providers, the following data fields are included in API requests:
What Data Fields Are Sent to AI Providers:
| Data Field | Included? | How It's Handled |
|---|---|---|
| User ID / Account ID | Yes | Included in API requests for service delivery and processing |
| Session ID | Yes | Included to maintain conversation context and session continuity |
| Email Address | Yes | Included in API requests when necessary for service delivery |
| Full Name / Username | Yes | Included from account metadata and/or if you type it in your prompt text |
| Profile Data (Gender, Birth Date/Time/Location, Timezone) | Yes | Profile information stored in your account settings is included in API requests. This includes gender, birth date, birth time, birth location, and timezone preferences |
| IP Address | Yes | Included in API requests for security and service delivery purposes |
| Prompt Text Content | Yes | Sent as plain text; includes all content you provide in your prompts, including any personal identifiers you include |
| Account Metadata & Preferences | Yes | UI preferences (deck style, reading style, theme, text size, language settings), account settings, and all profile data stored in your account are included in API requests |
| Previous Conversation History | Yes | Included to provide context from previous conversations when relevant to your current request |
Data Transmission Process:
- Complete Data Inclusion: All data fields listed in the table above are included in API requests sent to AI providers. This includes your user ID, session ID, email address, full name/username, profile data (gender, birth date/time/location, timezone), IP address, prompt text content, account metadata and preferences, and previous conversation history
- Profile Data Transmission: Your profile information stored in account settings (full name, gender, birth date, birth time, birth location, timezone) is included in API requests to AI providers. This data is transmitted to Google Gemini and other AI providers to enable personalized responses and accurate readings
- Account Information: Your account metadata, including UI preferences (deck style, reading style, theme, text size, language settings), account settings, and all stored profile data are included in API requests to provide context and enable personalized service delivery
- Session and Context Data: Session IDs, user IDs, and previous conversation history are included to maintain conversation context, enable continuity across sessions, and provide relevant responses based on your interaction history
- Prompt Content: All prompt text content you provide is transmitted to AI providers, including any personal identifiers, sensitive information, or details you include in your prompts
- Temporary Processing: Prompts and associated data are processed in real-time. According to our agreements with AI providers, data is deleted from their systems immediately after processing, typically within the immediate request-response cycle
- Data Linking: AI providers may be able to link multiple requests to the same user through user IDs, session IDs, and other identifiers included in API requests
- Important Note: All data fields listed above are transmitted to AI providers. This includes your stored profile data, account information, and any personal information you include in your prompts. For maximum privacy, consider using Private Mode ON to minimize data storage, though this does not prevent data transmission to AI providers during active sessions
AI Provider Data Retention and Training:
- No Training Data Usage: We explicitly opt out of all training data usage programs. Our API agreements prohibit AI providers from using your prompts for model training, fine-tuning, or improvement
- No Storage: AI providers do not store your prompts beyond the immediate processing cycle (typically less than 30 seconds)
- Enterprise/API Tiers: We use enterprise-grade API tiers that exclude data from training by default and have explicit contractual prohibitions on training data usage
- Regular Audits: We periodically review our AI provider agreements and configurations to ensure compliance with our privacy commitments
AI Provider Jurisdictions:
Google Gemini (our AI model provider) primarily processes data in the following jurisdictions:
- United States: Primary processing location for Gemini models
- European Union: Google may offer EU-based processing options for certain requests, which we utilize when available for EU users
We rely on Standard Contractual Clauses (SCCs) and Google's GDPR compliance measures to ensure adequate protection when data is processed outside the EEA.
Human Review
In limited circumstances, authorized personnel may review content to investigate abuse, improve quality, or ensure safety. All reviewers are subject to strict confidentiality obligations and access controls. Human review is not used for training AI models.
Nature of Outputs and Disclaimers
Important Limitations:
- AI-generated content is probabilistic and may contain inaccuracies, errors, or biases
- Tarot readings are interpretive and provided for informational and entertainment purposes only
- NOT Professional Advice: Our Services do NOT provide medical, legal, financial, psychological, or any other form of professional advice. AI-generated content and tarot readings should never be used as a substitute for professional consultation
- Health and Financial Topics: If you ask questions about health, medical conditions, financial decisions, legal matters, or other topics requiring professional expertise, the responses are for general information only and should not be relied upon for making important decisions
- No Guarantees: We make no guarantees about the accuracy, completeness, or usefulness of AI-generated content or tarot readings
- Your Responsibility: You are responsible for evaluating the information provided and seeking appropriate professional advice when needed
No Solely Automated Decisions: We do not make decisions that produce legal effects or similarly significant effects on you based solely on automated processing, including profiling.
Private Mode: ON or OFF
You can control how we handle your conversation content by turning Private Mode ON or OFF:
Private Mode OFF (Default)
- Your prompts, conversations, and results are stored to your account
- You can access, review, and manage your history
- You can delete individual items or your entire account at any time
- Stored content is retained according to our retention schedule
Private Mode ON (Privacy-Enhanced)
- When Private Mode is ON, your prompts and results are not stored to your account or long-term content databases
- Content is processed in real-time to deliver the service and then discarded
- Minimal technical logs (e.g., security logs without content) may be retained briefly for abuse prevention (typically 30 days maximum)
- Your Private Mode setting (ON/OFF) is stored locally or as a minimal account setting
Important: Regardless of whether Private Mode is ON or OFF, transient processing occurs to deliver the service. We implement technical and organizational measures to minimize data retention and protect your privacy.
Data Retention Periods
We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. Our retention practices are designed to balance service functionality, user convenience, and privacy protection.
- User account data: Retained while your account is active. All user account data (including profile information, account settings, and preferences) is deleted or anonymized within 90 days of account closure, unless legal retention applies.
- Saved content / Reading History (Private Mode OFF): To provide you with access to your conversation history and allow you to revisit previous readings, we retain saved content while your account is active and Private Mode is OFF. However, to comply with data minimization principles and protect your privacy, we implement the following retention practices:
  - Default maximum retention period: 1 year from the date of creation. After 1 year, content will be automatically deleted unless you explicitly opt in to extend retention. This default period balances service functionality with privacy protection
  - Inactivity review: We review saved content after 2 years of inactivity (no access or interaction with the content). After this period, we will notify you via email and give you 30 days to opt in to keep the content. If you do not respond, we will anonymize or delete the content
  - Opt-in for extended retention: You may opt in to retain content beyond the 1-year default period. We will remind you annually to review and confirm you wish to continue retention
  - User control: You can delete individual items or your entire account at any time, which will immediately remove the associated content from our active systems. Turning Private Mode ON will stop new content from being saved, but existing saved content will remain until you delete it or the retention period expires
  - Account deletion: If you delete your account, all saved content is permanently deleted within 90 days (subject to backup retention periods mentioned below)
- Private Mode ON interactions: Not stored to account; only minimal security logs kept for up to 30 days.
- Security and audit logs: Retained for up to 12 months for security purposes, including fraud prevention, abuse detection, and system integrity.
- Legal or compliance records: Retained as long as required by law, court orders, or regulatory requirements.
- Backup data: May persist in backups for up to 90 days before permanent deletion. This ensures we can restore service in case of technical issues while minimizing data retention. Backup data includes saved content, account information, and other personal data stored in our backup systems.
Retention Rationale: We retain saved content to enable you to access your conversation history and previous readings, which is a core feature when Private Mode is OFF. The 1-year default maximum retention period balances this functionality with privacy considerations. If you prefer shorter retention, you can turn Private Mode ON or regularly delete your saved content. All retention periods are subject to your right to request deletion at any time.
Legal Bases for Processing (GDPR Article 6)
We process your personal data based on the following legal grounds. Below is a detailed mapping of processing activities to their legal bases:
| Processing Activity | Legal Basis | GDPR Article | Notes |
|---|---|---|---|
| Account creation and management | Performance of contract | Art. 6(1)(b) | Necessary to provide the service you requested |
| Processing AI/tarot requests and generating responses | Performance of contract | Art. 6(1)(b) | Core service functionality |
| Storing reading history (Private Mode OFF) | Consent | Art. 6(1)(a) | You choose to keep Private Mode OFF; you can turn Private Mode ON anytime |
| Analytics cookies and usage tracking | Consent | Art. 6(1)(a) | Explicit opt-in required; disabled by default |
| Marketing communications | Consent | Art. 6(1)(a) | Opt-in required; can unsubscribe anytime |
| Security monitoring and fraud prevention | Legitimate interests | Art. 6(1)(f) | Protecting our platform and users from abuse |
| Service improvement and bug fixes | Legitimate interests | Art. 6(1)(f) | Balanced against your rights; anonymized where possible |
| Personalization (preferences, themes) | Legitimate interests | Art. 6(1)(f) | Enhancing user experience; you can disable |
| Compliance with legal obligations | Legal obligation | Art. 6(1)(c) | Tax records, court orders, regulatory requirements |
| Payment processing | Performance of contract | Art. 6(1)(b) | Necessary to process payments |
| Customer support communications | Performance of contract | Art. 6(1)(b) | Responding to your inquiries |
| Special category data (health, beliefs, etc.) | Explicit consent / Manifestly made public | Art. 9(2)(a) / Art. 9(2)(e) | Only if you voluntarily include it in prompts |
| Session management and authentication cookies | Performance of contract | Art. 6(1)(b) | Necessary for service functionality and user authentication |
| Anonymous user monitoring and tracking | Legitimate interests | Art. 6(1)(f) | Security, fraud prevention, and service delivery; IP addresses, session data, and activity logs for anonymous users |
| Activity logging (page views, form submissions, login attempts) | Legitimate interests | Art. 6(1)(f) | Security monitoring, service improvement, and abuse prevention |
| Technical data collection (IP address, browser, device info) | Legitimate interests | Art. 6(1)(f) | Security, fraud prevention, and service delivery; collected automatically |
| Form submission processing (anonymous users) | Legitimate interests / Performance of contract | Art. 6(1)(f) / Art. 6(1)(b) | Processing form submissions and email collection from anonymous users for service delivery |
Legitimate Interests Assessment
Where we rely on legitimate interests (Art. 6(1)(f)), we have conducted a balancing test to ensure our interests do not override your rights and freedoms:
- Security and fraud prevention: Our interest in protecting the platform and users from abuse, fraud, and security threats is balanced against your privacy rights. We minimize data collection and use technical measures to reduce impact
- Anonymous user monitoring: Our interest in monitoring anonymous users (IP addresses, session data, activity logs) for security and service delivery is balanced against privacy rights. We limit retention periods (7 days for monitoring data) and only track necessary information
- Activity logging: Our interest in logging user activities (page views, form submissions, login attempts) for security and abuse prevention is balanced by implementing data minimization and limited retention periods
- Technical data collection: Our interest in collecting technical data (IP addresses, browser info, device data) for security and service delivery is balanced by using this data only for necessary purposes and implementing appropriate security measures
- Service improvement: Our interest in improving services is balanced by anonymizing data where possible and giving you control over analytics
- Personalization: Our interest in providing personalized experiences is balanced by giving you full control to disable personalization features
Withdrawing Consent: Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) or your country of residence.
Primary Transfer Regions
Based on our current service providers and infrastructure, data transfers primarily occur to the following regions:
- Singapore (SG): Our primary cloud hosting infrastructure and data storage are located in Singapore
- United States: Our AI model provider (Google Gemini) and some analytics services are located in the United States
- Ireland (EU): Some EU-based services and backup infrastructure may be located in Ireland
- Asia-Pacific: Payment processing (Stripe) and some regional services may process data in Asia-Pacific locations
Transfer Safeguards
When transferring data internationally, we implement appropriate safeguards:
- Standard Contractual Clauses (SCCs): EU Commission-approved contractual terms are included in all data processing agreements with non-EEA processors. We use the 2021 version of the SCCs which includes modules for controller-to-processor transfers
- UK International Data Transfer Addendum (IDTA): For UK data transfers, we use the UK IDTA in addition to SCCs where applicable
- Encryption in transit: All data transfers are encrypted using TLS/SSL protocols (minimum TLS 1.2)
- Encryption at rest: Data stored in non-EEA regions is encrypted at rest using industry-standard encryption (AES-256)
- Adequacy decisions: Where available, we prefer transfers to countries recognized by the European Commission as providing adequate protection (e.g., transfers within the EEA)
- Supplementary measures: Additional technical and organizational security measures including access controls, audit logging, and regular security assessments
Specific Transfer Mechanisms by Processor Type
- Cloud Hosting (Singapore): SCCs (Module 2: Controller to Processor) + encryption in transit and at rest
- AI Providers - Google Gemini (US): SCCs (Module 2) + explicit opt-out from training + data retention limits + encryption
- Analytics (US, if consented): SCCs + consent-based processing + anonymization where possible
- Payment Processors - Stripe (US/Asia): SCCs + PCI-DSS compliance + tokenization
Request Transfer Documentation: You may request copies of our transfer safeguards, including SCCs and data processing agreements, by contacting [email protected]. We will provide redacted copies (with confidential commercial terms removed) within 30 days.
Your GDPR Rights
As a data subject, you have the following rights:
- Right of Access (Art. 15): Obtain confirmation of whether we process your data and receive a copy.
- Right to Rectification (Art. 16): Correct inaccurate or incomplete personal data.
- Right to Erasure/"Right to be Forgotten" (Art. 17): Request deletion of your personal data in certain circumstances.
- Right to Restriction of Processing (Art. 18): Limit how we use your data in specific situations.
- Right to Data Portability (Art. 20): Receive your data in a structured, commonly used format and transmit it to another controller.
- Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time where processing is based on consent.
- Right Not to Be Subject to Automated Decision-Making (Art. 22): Protection against solely automated decisions with significant effects.
How to Exercise Your Rights: Contact [email protected]. We will respond within 30 days (extendable to 60 days for complex requests).
Frequently Asked Questions: Exercising Your Rights
To exercise your privacy rights, please email your request directly to [email protected]. We respond to all requests within 30 days (extendable to 60 days for complex requests).
Data Security Measures
We implement appropriate technical and organizational measures to protect your personal data:
Technical Measures
- Encryption in transit (TLS/SSL) and at rest
- Secure authentication and access controls
- Regular security testing and vulnerability assessments
- Firewall and intrusion detection systems
- Secure backup and disaster recovery procedures
Organizational Measures
- Access limited to authorized personnel on a need-to-know basis
- Staff training on data protection
- Confidentiality agreements
- Incident response procedures
- Regular security policy reviews
Data Breach Notification Procedure
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we have established the following procedures:
- Immediate Assessment: Upon discovery of a potential data breach, we immediately assess the nature, scope, and potential impact of the breach
- 72-Hour Notification to Supervisory Authority: If the breach is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority (data protection authority) without undue delay and, where feasible, not later than 72 hours after becoming aware of the breach, in accordance with GDPR Article 33
- Notification to Affected Users: If the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in clear and plain language, in accordance with GDPR Article 34. The notification will include:
  - Description of the nature of the breach
  - Categories and approximate number of data subjects and personal data records concerned
  - Likely consequences of the breach
  - Measures taken or proposed to address the breach and mitigate its possible adverse effects
  - Contact details of our data protection officer or point of contact for further information
- Notification Methods: We will notify affected users via email to the email address associated with your account, or through prominent notice on our website if email notification is not possible
- Documentation: We maintain detailed records of all data breaches, including the facts surrounding the breach, its effects, and the remedial action taken, as required by GDPR Article 33(5)
- Cooperation: We cooperate fully with supervisory authorities and provide all necessary information to assist in their investigation
What Constitutes a Data Breach: A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
Contact: If you suspect a data breach or have concerns about the security of your personal data, please contact us immediately at [email protected].
Vendor Security: We conduct due diligence on processors and require contractual security commitments aligned with GDPR standards.
Children's Privacy
Age Requirement: Our Services are intended for users who are 16 years of age or older. This age threshold aligns with GDPR requirements and our Terms of Use. Users under 16 years of age are not permitted to use our Services without explicit parental or guardian consent.
Important - Age Consistency: To ensure clarity and compliance, our age requirement is consistently set at 16 years or older across all our policies, including this Privacy Policy and our Terms of Use. If you see any reference to a different age threshold elsewhere on our site, please contact us at [email protected] for clarification. The age requirement of 16 years applies globally, though local laws in some jurisdictions may require different thresholds (e.g., 13 in the United States under COPPA). We apply the stricter standard of 16 years globally for consistency and GDPR compliance.
Age Verification and Restrictions
To ensure compliance with child protection laws and protect minors:
- Age verification: When you create an account, we ask you to confirm that you are 16 years or older. While we primarily rely on self-declaration, we reserve the right to request additional verification (such as age verification documents) if we have reason to believe a user is underage. We may also use technical measures to detect potential underage users
- Parental consent: If you are under 16, you must have parental or guardian consent to use our Services. Parents or guardians should contact [email protected] to provide consent and discuss appropriate use. We will require verification of parental/guardian identity before granting access
- Restricted features: Users who indicate they are under 16, or accounts we suspect belong to minors, may have access to certain features restricted or require additional verification. Some sensitive features (such as financial or health-related readings) may be restricted for users under 18
- Content filtering: We may implement content filtering or warnings for users who indicate they are minors
- Account monitoring: We may monitor accounts that appear to belong to minors to ensure appropriate use and compliance
- Data handling for minors: If we discover that we have collected data from a user under 16 without proper consent, we will immediately suspend the account, contact the parent/guardian if possible, and delete the child's data unless retention is required by law
What Happens If We Discover Underage Use
If we become aware that we have collected personal data from a child without proper consent:
- We will immediately suspend or restrict the account
- We will attempt to contact the parent or guardian if contact information is available
- We will delete the child's personal data unless retention is required by law
- We will provide information to parents or guardians about what data was collected and how to request deletion
Parents or guardians who believe we have collected data from a child should contact [email protected] immediately. We will respond promptly and assist with any requests related to a child's data.
Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, legal requirements, or for operational reasons.
Material Changes: We will provide prominent notice of significant changes through the Services, email notification, or other appropriate means at least 30 days before changes take effect where required.
Effective Date: Changes become effective on the date indicated at the bottom of this Policy.
Your Continued Use: Continuing to use the Services after changes become effective constitutes acceptance of the updated Policy.
Version History: Previous versions are available upon request.
Contact and Supervisory Authority
Data Controller Contact:
Email: [email protected]
We will respond to inquiries within a reasonable timeframe, typically within 30 days.
Your Right to Lodge a Complaint:
You have the right to lodge a complaint with a supervisory authority, particularly in the EU/EEA member state of:
- Your habitual residence
- Your place of work
- The place of the alleged infringement
We encourage you to contact us first so we can address your concerns directly, but this does not affect your right to lodge a complaint with a supervisory authority.
Policy Version History
This Privacy Policy may be updated periodically. Below is an archive of previous versions with a summary of changes:
- Added detailed third-party processor table with provider names, purposes, regions, and data shared
- Explicit AI provider disclosures: model types, training opt-out, anonymization/pseudonymization practices
- Clarified default cookie behavior: analytics disabled by default until consent
- Added 2-year inactivity review period for content when Private Mode is OFF
- Enhanced age verification mechanism and minor protection measures
- Expanded plain-language summary (Privacy at a Glance)
- Added stronger professional advice disclaimers (no medical/legal/financial advice)
- Added localization notice (Thai language, etc.)
- Separated UI preferences from privacy policy content
- Comprehensive FAQ section with rights request form
How to Access Previous Versions: To request a copy of a specific previous policy version, contact [email protected] with the version number and date. We maintain policy archives for at least 5 years.
Last Updated: December 1, 2025