Privacy Policy
Last Updated: January 19, 2026
INTRODUCTION
This Privacy Policy describes how Your Company ("we", "us", or "our") collects, uses, and shares information about you when you use https://yourwebsite.com (the "Website").
By using our Website, you agree to the collection and use of information in accordance with this policy. We respect your privacy and are committed to protecting your personal data.
INFORMATION WE COLLECT
We collect the following types of information:
- Personal Information: Name, email address, and other contact details you provide when you contact us.
- Usage Data: IP address, browser type, device information, pages visited, time spent on pages, and other diagnostic data collected automatically.
HOW WE USE YOUR INFORMATION
We use the information we collect for the following purposes:
- To provide and maintain our Website
- To notify you about changes to our Website or services
- To provide customer support
- To detect, prevent, and address technical issues
- To communicate with you, including responding to your inquiries
- To analyze usage patterns and improve our Website
COOKIES AND TRACKING
We use cookies and similar tracking technologies to track activity on our Website and hold certain information.
Types of Cookies We Use:
- Essential Cookies: Required for the Website to function properly. These cannot be disabled.
- Preference Cookies: Remember your settings and preferences for a better experience.
- Analytics Cookies: Help us understand how visitors interact with our Website. We use Google Analytics for this purpose.
We also use localStorage in your browser to save in-progress tasks and preferences. You can clear this in your browser settings.
Managing Cookies: You can instruct your browser to refuse all cookies or indicate when a cookie is being sent. However, some features of our Website may not function properly without cookies.
INFORMATION SHARING
We do not sell, trade, or rent your personal information to third parties.
We may share your information only in the following limited circumstances:
- To comply with legal obligations
- To protect and defend our rights and property
- With your explicit consent
We do not sell or share personal information for cross-context behavioral advertising.
DATA SECURITY
We implement appropriate technical and organizational security measures to protect your personal information, including:
- Encryption of data in transit using SSL/TLS
- Secure storage of personal data
- Regular security assessments
- Access controls and authentication measures
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.
DATA RETENTION POLICY
We retain different categories of personal information for varying periods based on the purpose of collection, legal requirements, and legitimate business needs:
**Retention Schedule:**
| Data Category | Retention Period | Justification |
|--------------|------------------|---------------|
| Account Information | Duration of account + 2 years | Service provision and legal claims |
| Transaction Records | 7 years (legal requirement) | Tax and accounting requirements |
| Analytics Data | 26 months | Service improvement |
| Marketing Data | Until consent withdrawn | Consent-based processing |
| Support Records | 3 years after resolution | Quality assurance and dispute resolution |
**General Retention Policy:** 2 years
- Securely delete the information from our active systems
- Remove it from backups within 90 days
- Or anonymize the data so it can no longer identify you
- Comply with legal obligations
- Resolve disputes
- Enforce our agreements
- Protect against fraud or abuse
DATA BREACH NOTIFICATION
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify affected individuals within 72 hours of becoming aware of the breach
- Notify relevant supervisory authorities as required by applicable law (within 72 hours for GDPR)
- Provide details about the nature of the breach, categories of data affected, and approximate number of individuals affected
- Describe the likely consequences of the breach
- Explain the measures taken or proposed to address the breach and mitigate potential adverse effects
We maintain incident response procedures to ensure timely detection, investigation, and response to potential data breaches.
DO NOT TRACK DISCLOSURE
Do Not Track ("DNT") is a privacy preference you can set in your browser. When you turn on DNT, your browser sends a signal to websites requesting that they do not track your browsing activity.
Currently, we do not respond to DNT signals. This is because there is no industry-standard interpretation of how to respond to DNT signals. We will update this policy if a standard is established.
Regardless of DNT settings, you can opt out of analytics tracking using the methods described in the Cookies section above.
YOUR RIGHTS (GDPR)
If you are a resident of the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR):
- Right to Access: Request copies of your personal data
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing: Request limitation of processing of your data
- Right to Data Portability: Request transfer of your data to another organization
- Right to Object: Object to processing of your personal data
- Right to Withdraw Consent: Withdraw consent at any time where we rely on consent
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.
Legal Basis for Processing: We process your data based on the following legal grounds:
| Processing Purpose | Legal Basis |
|-------------------|-------------|
| Account Creation & Management | Necessary for contract performance (GDPR Art. 6(1)(b)) |
| Analytics & Service Improvement | Our legitimate business interests (GDPR Art. 6(1)(f)) |
| Marketing Communications | Your explicit consent (GDPR Art. 6(1)(a)) |
| Payment Processing | Necessary for contract performance (GDPR Art. 6(1)(b)) |
| Security & Fraud Prevention | Our legitimate business interests (GDPR Art. 6(1)(f)) |
| Customer Support | Necessary for contract performance (GDPR Art. 6(1)(b)) |
| Personalization | Your explicit consent (GDPR Art. 6(1)(a)) |
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable law. You can find your local data protection authority at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
DATA SUBJECT REQUEST PROCEDURE
We have established the following procedure for exercising your data protection rights:
**How to Submit a Request:**
Specify which right you wish to exercise (access, rectification, erasure, portability, etc.)
Provide sufficient information to verify your identity and locate your data
- Your full name and contact details
- The specific data or processing activity your request relates to
- Any relevant account identifiers or reference numbers
**Identity Verification:**
To protect your privacy, we may need to verify your identity before processing your request. This may include requesting government-issued identification or other verification methods.
- We will acknowledge your request within 72 hours
- We will respond substantively within 30 days of receipt
- Complex requests may require an extension of up to 60 additional days, in which case we will notify you
**Fees:**
We do not charge a fee for processing legitimate data subject requests. However, we reserve the right to charge a reasonable fee for manifestly unfounded or excessive requests.
**Appeals:**
If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.
CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: Request categories and specific pieces of personal information we collected
- Right to Delete: Request deletion of your personal information (with legal exceptions)
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: Opt out of sale or sharing for cross-context behavioral advertising
- Right to Non-Discrimination: We will not discriminate for exercising your rights
We do not sell or share personal information for cross-context behavioral advertising.
We do not collect sensitive personal information as defined by CPRA.
How to Exercise Your Rights: Submit a request to [email protected]. We will verify your identity and respond within 45 days.
Authorized Agents: You may designate an authorized agent to make a request on your behalf. We will require proof of authorization.
- Identifiers
- Internet activity
- Provide and maintain the Service
- Analytics and service improvement
- Security and fraud prevention
- Customer support
CHILDREN'S PRIVACY
Our Website is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us at [email protected].
CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date at the top
We encourage you to review this Privacy Policy periodically. Changes are effective immediately upon posting.
CONTACT US
If you have any questions about this Privacy Policy or our data practices, please contact us:
Your Company
Email: [email protected]
Website: https://yourwebsite.com
We aim to respond to all inquiries within 48 hours.
---
Generated by LegalKit | Free legal document generator
This document is a template for informational purposes. Consult an attorney for legal advice.