隐私政策

Under the GDPR, we process your personal data based on the following legal grounds:

We do not sell your personal data. We may share your information with the following categories of third parties:

We may also share your information if required by law, to protect our rights, to prevent fraud, or in connection with a merger, acquisition, or sale of assets.

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Under the GDPR and other applicable data protection laws, you have the following rights regarding your personal data:

To exercise any of these rights, please contact us through our contact page or email our Data Protection Officer. We will respond to your request within 30 days.

We use cookies and similar tracking technologies to collect information and improve our Service. Cookies are small data files stored on your device that help us remember your preferences and understand how you use our site.

For comprehensive information about the cookies we use, their purposes, and how to manage them, please refer to our dedicated Cookie Policy.

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those in your jurisdiction.

If you are located in the European Economic Area (EEA), we ensure that any transfer of your personal data outside the EEA is protected by appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Transfers to countries with an adequacy decision from the European Commission.
• Binding Corporate Rules where applicable.

By using the Service, you consent to the transfer of your information as described in this section, subject to the safeguards outlined above.

If we become aware that we have collected personal data from a child under the age of 18, we will take steps to delete that information as quickly as possible. If you are a parent or guardian and you believe your child has provided us with personal information, please contact us immediately.

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL (HTTPS).
• Secure hashing of passwords using industry-standard algorithms.
• CSRF protection on all forms and state-changing requests.
• Rate limiting and login throttling to prevent brute-force attacks.
• Security headers (CSP, X-Frame-Options, X-Content-Type-Options).
• Regular security audits and vulnerability assessments.
• Access controls limiting data access to authorized personnel only.

While we strive to protect your personal data, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your data.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes, we will update the "Last updated" date at the top of this page.

For significant changes, we will provide a more prominent notice, which may include email notification or a notice on our Service. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.