Privacy Policy

Last updated: April 14, 2026

1. Introduction

Dosya Technologies LLC, operating as dosya.dev ("we," "us," or "our"), operates the dosya.dev platform, which provides file transfer, storage, and sharing services across 46 global regions. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

Please read this Privacy Policy carefully. By accessing or using dosya.dev, you acknowledge that you have read and understood this Privacy Policy. This policy does not alter the terms of any agreement you have with us, nor does it create any contractual or other legal rights on behalf of any party.

Data Controller: Dosya Technologies LLC, 37 Mayne Road, Bowen Hills, Brisbane, Queensland, Australia 4006. For privacy-related inquiries, contact us at privacy@dosya.dev.

2. Information We Collect

2.1 Information You Provide

  • Account Information: When you create an account, we collect your name, email address, and password. If you sign up using a third-party provider (such as Google or GitHub), we receive your name, email address, and profile picture from that provider.
  • Payment Information: When you subscribe to a paid plan, we collect billing details such as your name, billing address, and payment method. Payment processing is handled by our third-party payment processor (Stripe); we do not store your full credit card number on our servers.
  • Contact Information: When you reach out to us through our contact form, we collect your name, email address, and any message content you provide.
  • Files and Content: When you upload, transfer, or store files using our platform, we process and store those files on your behalf. We do not access the contents of your files except as necessary to provide the service (e.g., generating preview thumbnails for image and document files on our servers, malware scanning via on-server scanning tools) or as required by law. File contents are never sent to third parties for thumbnail generation or preview purposes.

2.2 Information Collected Automatically

  • Usage Data: We automatically collect information about how you interact with our services, including pages visited, features used, upload/download activity, file sizes, transfer frequencies, and timestamps.
  • Device and Browser Information: We collect your IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
  • Location Data: We infer your approximate geographic location from your IP address to route your data to the nearest server region and to comply with regional data regulations.
  • Cookies and Tracking Technologies: We use cookies, local storage, and similar technologies to maintain your session, remember your preferences, and analyze usage patterns. Essential cookies are required for the Service to function; non-essential cookies (such as analytics) are only set with your consent where required by law. You can manage your cookie preferences through our cookie consent banner or your browser settings. See our Cookie Policy for more details.
  • Log Data: Our servers automatically record information including your IP address, request timestamps, HTTP method, URL path, response status code, referrer URL, and user agent string.
  • Analytics: We use privacy-focused analytics tools to understand how our services are used. These tools may process your IP address, browser information, and usage patterns. We do not use Google Analytics or any analytics tool that transfers data to third-party advertising networks.

3. How We Use Your Information

We use the information we collect for the following purposes. Where applicable, we have noted the legal basis for each processing activity under GDPR:

Purpose Legal Basis (GDPR)
Provide and Maintain Services: Operate our file transfer, storage, and sharing platform; process uploads and downloads; manage your account; deliver features you request. Contractual necessity
Process Transactions: Process payments, manage subscriptions, send invoices, and handle billing communications. Contractual necessity; Legal obligation (tax/accounting)
Improve Our Services: Understand usage patterns, diagnose technical issues, optimize server performance across our 46 regions, and develop new features. Legitimate interest
Communicate with You: Send service-related notifications (account verification, password resets, storage limit alerts, transfer confirmations), respond to inquiries, and provide support. Contractual necessity; Legitimate interest
Security and Fraud Prevention: Detect, investigate, and prevent unauthorized access, abuse, fraud, and other illegal activities; enforce our Terms of Service; protect user rights and safety. Legitimate interest; Legal obligation
Legal Compliance: Comply with applicable laws, regulations, legal processes, or enforceable governmental requests. Legal obligation
Marketing: Send promotional communications about new features, special offers, or information we think you may find interesting. You can opt out at any time. Consent

4. Data Storage and Security

4.1 Where We Store Your Data

Your files are stored in the server region(s) you select or the region closest to you. Account data and metadata may be processed in any of our operating regions. Your information may be transferred to countries outside your country of residence, which may have different data protection laws. For information about the safeguards we use for international transfers, see Section 8 below.

4.2 How We Protect Your Data

We implement industry-standard security measures to protect your data, including:

  • Encryption in Transit: All data transferred between your device and our servers is encrypted using TLS 1.2 or higher.
  • Encryption at Rest: Files stored on our servers are encrypted using AES-256 encryption.
  • Access Controls: We employ strict access controls, multi-factor authentication for administrative access, and role-based permissions to limit access to your data.
  • Infrastructure Security: Our servers are hosted in SOC 2-compliant data centers with physical security controls, redundant power, and network monitoring.
  • Regular Audits: We conduct regular security assessments, penetration testing, and vulnerability scans to identify and address potential threats.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers (Sub-processors): We share data with trusted third-party service providers who assist us in operating our platform. These providers are contractually obligated to use your data only for the purposes we specify and to protect it to the same standards we apply. Our current sub-processors include:
    • Stripe: Payment processing
    • Amazon Web Services (AWS): Cloud infrastructure and storage
    • Google Cloud Platform (GCP): Cloud infrastructure and storage
    • Cloudflare: CDN, DDoS protection, and DNS
    • DigitalOcean: Cloud infrastructure and storage

    We will update this list when sub-processors are added or changed and will provide notice of material changes.

  • File Sharing: When you share a file or generate a transfer link, the recipients you designate can access the shared content. We do not control how recipients use the files you share with them.
  • Legal Requirements: We may disclose your information if required to do so by law, or in response to valid requests by public authorities (e.g., a court order or government agency).
  • Business Transfers: If dosya.dev is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.
  • Protection of Rights: We may disclose information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our Terms of Service, suspected fraud, situations involving potential threats to the safety of any person, or as evidence in litigation.

6. Data Retention

We retain your data only for as long as necessary to fulfill the purposes for which it was collected. Specific retention periods and their justifications are as follows:

  • Account Data: Retained for as long as your account is active, as it is necessary to provide the Service (contractual necessity). If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.
  • Files: Retained according to your plan and settings. Files in expired transfers or deleted workspaces are permanently removed from our servers within 30 days of expiration or deletion. Backups containing your files are purged within 90 days. Retention is necessary to provide the storage service you have contracted for.
  • Log Data: Server logs are retained for up to 12 months for security incident investigation, debugging, and service reliability purposes (legitimate interest in maintaining security and service quality). After 12 months, logs are aggregated or deleted.
  • Payment Records: Billing and transaction records are retained for up to 7 years to comply with tax and financial reporting obligations as required by U.S. federal and state law (legal obligation).
  • Marketing Preferences: Records of your consent or opt-out preferences are retained for as long as we conduct marketing activities, plus 3 years, to demonstrate compliance with applicable consent requirements (legal obligation).

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: You have the right to request a copy of the personal data we hold about you.
  • Correction: You have the right to request that we correct any inaccurate or incomplete personal data.
  • Deletion: You have the right to request that we delete your personal data, subject to certain legal exceptions.
  • Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
  • Restriction: You have the right to request that we restrict the processing of your personal data under certain circumstances.
  • Objection: You have the right to object to the processing of your personal data for direct marketing purposes or where processing is based on legitimate interests.
  • Withdrawal of Consent: Where we rely on your consent to process your data, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. dosya.dev does not currently engage in automated decision-making or profiling that produces legal or similarly significant effects.

To exercise any of these rights, please contact us at privacy@dosya.dev or through our contact page. We will respond to your request within 30 days (or 45 days for CCPA requests, with notice of extension if needed). If we need additional time to process your request under GDPR, we will inform you within the initial 30-day period.

8. International Data Transfers

dosya.dev operates across 46 global regions. Your information may be transferred to, stored, and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

When we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we rely on appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission or UK Secretary of State
  • The EU-U.S. Data Privacy Framework, where applicable

You may request a copy of the safeguards we use by contacting us at privacy@dosya.dev.

9. European Users (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the following additional provisions apply:

  • Legal Basis for Processing: We process your personal data based on the specific legal bases outlined in the table in Section 3 above. In summary: (a) contractual necessity to provide the Service; (b) your consent for marketing and non-essential cookies; (c) compliance with legal obligations for tax, regulatory, and law enforcement requests; and (d) our legitimate interests in improving the Service, ensuring security, and preventing fraud, provided they are not overridden by your rights.
  • Data Protection Officer: You may contact our Data Protection Officer at dpo@dosya.dev.
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not complied with applicable data protection laws.
  • Data Processing Agreements: If you are a business or enterprise customer and require a Data Processing Agreement (DPA) to meet your GDPR obligations, please contact us at legal@dosya.dev to request one.

10. California Users (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), provides you with additional rights:

  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale or Sharing: You have the right to opt out of the "sale" or "sharing" (as defined by CPRA) of your personal information. dosya.dev does not sell personal information and does not share personal information for cross-context behavioral advertising purposes.
  • Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information to purposes necessary to provide the Service. We only use sensitive personal information for purposes permitted under CPRA.
  • Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise your rights under the CCPA/CPRA, please contact us at privacy@dosya.dev. We will verify your identity before processing your request and will respond within 45 days.

11. Turkish Users (KVKK)

If you are located in Turkey, the Personal Data Protection Law No. 6698 ("KVKK") provides you with additional rights and imposes specific obligations on us:

  • Data Controller Registration: dosya.dev is registered with the Data Controllers Registry (VERBIS) as required by the Turkish Personal Data Protection Authority (KVKK Board).
  • Legal Basis for Processing: We process personal data of Turkish residents based on: (a) your explicit consent; (b) necessity for the performance of a contract; (c) compliance with a legal obligation; (d) the data being made public by you; (e) necessity for the establishment, exercise, or defense of a right; or (f) our legitimate interests, provided they do not harm your fundamental rights and freedoms.
  • Your Rights Under KVKK (Article 11): You have the right to: learn whether your personal data is processed; request information about processing; learn the purpose of processing and whether data is used in accordance with its purpose; know the third parties to whom your data is transferred domestically or abroad; request correction of incomplete or inaccurate data; request deletion or destruction of your data; request notification of corrections or deletions to third parties; object to any result that is to your detriment arising from the analysis of your data exclusively by automated systems; and claim compensation for damages arising from unlawful processing.
  • Cross-Border Transfers: Transfer of personal data of Turkish residents outside of Turkey requires either your explicit consent or an adequacy decision by the KVKK Board regarding the recipient country. Where no adequacy decision exists, we rely on your explicit consent or written undertakings of adequate protection by the data controller in the foreign country, subject to KVKK Board approval.
  • Data Controller Representative: For inquiries related to processing of Turkish residents' data, you may contact us at kvkk@dosya.dev.

You may exercise your rights by submitting a written request to kvkk@dosya.dev. We will respond within 30 days. If your request is denied, you have the right to lodge a complaint with the Turkish Personal Data Protection Authority.

12. Brazilian Users (LGPD)

If you are located in Brazil, the Lei Geral de Protecao de Dados ("LGPD") provides you with additional rights:

  • Legal Basis for Processing: We process personal data of Brazilian residents based on one or more of the following legal bases under LGPD Article 7: (a) your consent; (b) compliance with a legal or regulatory obligation; (c) execution of a contract or preliminary procedures related to a contract at your request; (d) exercise of rights in judicial, administrative, or arbitration proceedings; (e) protection of life or physical safety; (f) legitimate interests of the controller or a third party, unless overridden by your fundamental rights and freedoms; (g) credit protection.
  • Your Rights Under LGPD: You have the right to: confirmation of the existence of processing; access to your data; correction of incomplete, inaccurate, or outdated data; anonymization, blocking, or deletion of unnecessary or excessive data; portability of your data to another service provider; deletion of data processed with your consent; information about public and private entities with which your data has been shared; information about the possibility of denying consent and its consequences; and revocation of consent.
  • Encarregado (Data Protection Officer): Our designated Encarregado for LGPD matters can be reached at dpo@dosya.dev.
  • International Data Transfers: When transferring personal data of Brazilian residents outside of Brazil, we rely on countries with an adequate level of protection as recognized by the ANPD, standard contractual clauses, or your specific and highlighted consent for the transfer.
  • Supervisory Authority: You have the right to lodge a complaint with the Autoridade Nacional de Protecao de Dados (ANPD) if you believe your data protection rights have been violated.

To exercise your rights under LGPD, contact us at privacy@dosya.dev. We will respond within 15 business days.

13. South Korean Users (PIPA)

If you are located in South Korea, the Personal Information Protection Act ("PIPA") provides you with additional protections:

  • Consent: Where required by PIPA, we obtain your separate consent for each category of personal information collected, the purpose of collection and use, the retention period, and any transfer to third parties. You have the right to refuse consent, and we will inform you of any restrictions on the Service that may result from refusal.
  • Your Rights Under PIPA: You have the right to: request access to your personal information; request correction or deletion of your personal information; request suspension of processing; and withdraw your consent at any time. We will act on your request without delay and notify any third parties to whom data has been provided.
  • Overseas Transfer of Personal Information: When transferring personal information of South Korean residents overseas, we will inform you of: the recipient of the information; the country to which the data is transferred (including specific countries where our servers are located); the date, time, and method of transfer; the types of personal information transferred; and the purpose of the transfer by the recipient. We obtain your consent for such transfers as required by PIPA.
  • Destruction of Personal Information: When personal information becomes unnecessary due to the expiration of the retention period or achievement of the processing purpose, we will destroy the information without delay. Where retention is required by other laws, we will store it separately from other personal information.
  • Privacy Officer: Our designated privacy officer for PIPA matters can be reached at privacy@dosya.dev.
  • Supervisory Authority: You may lodge a complaint with the Personal Information Protection Commission (PIPC) or the Korea Internet & Security Agency (KISA).

14. Indian Users (DPDPA)

If you are located in India, the Digital Personal Data Protection Act, 2023 ("DPDPA") provides you with the following rights and protections:

  • Consent: We process your personal data based on your consent or for legitimate uses as defined under the DPDPA. You may give, manage, review, or withdraw your consent at any time through your account settings or by contacting us.
  • Your Rights Under DPDPA: You have the right to: access a summary of your personal data and the processing activities; request correction and completion of inaccurate or incomplete data; request erasure of your personal data (subject to legal retention requirements); nominate another individual to exercise your rights in the event of your death or incapacity; and access a grievance redressal mechanism.
  • Children's Data: Under the DPDPA, the age of a child is defined as below 18 years. We do not knowingly process personal data of individuals under 18 in India without verifiable parental consent. We do not engage in tracking, behavioral monitoring, or targeted advertising directed at children.
  • Data Localization: We comply with any data localization requirements imposed by the Central Government of India regarding the storage and transfer of personal data of Indian residents. If specific categories of personal data are required to be stored in India, we will ensure compliance.
  • Cross-Border Transfers: We will not transfer personal data of Indian residents to any country restricted by the Central Government of India. Transfers to permitted jurisdictions are conducted in accordance with the DPDPA.
  • Grievance Officer: Our designated Grievance Officer for Indian users can be reached at grievance@dosya.dev. We will acknowledge your grievance within 48 hours and resolve it within 30 days.
  • Supervisory Authority: You may lodge a complaint with the Data Protection Board of India if you believe your rights under the DPDPA have been violated.

15. Japanese Users (APPI)

If you are located in Japan, the Act on the Protection of Personal Information ("APPI") provides you with additional protections:

  • Purpose of Use: We will use your personal information only within the scope of the purposes specified in Section 3 of this Privacy Policy. If we need to use your information beyond the originally specified purpose, we will obtain your prior consent.
  • Your Rights Under APPI: You have the right to: request disclosure of your personal information; request correction, addition, or deletion of your personal information if it is inaccurate; request cessation of use or deletion of your personal information if it was acquired improperly or is no longer necessary; and request cessation of provision of your personal information to third parties.
  • Cross-Border Transfers: When transferring personal information of Japanese residents to a foreign country, we will: inform you of the specific countries where your data may be transferred; ensure the recipient provides a level of protection equivalent to APPI; or obtain your consent for the transfer. Countries where data may be transferred include the United States and other jurisdictions where our infrastructure providers operate servers, as listed in Section 5.
  • Handling of Anonymized Data: When we create anonymously processed information from your personal data for analytics purposes, we will comply with APPI requirements, including not attempting to re-identify individuals.
  • Supervisory Authority: You may lodge a complaint with the Personal Information Protection Commission (PPC) of Japan.

16. Canadian Users (PIPEDA and Quebec Law 25)

If you are located in Canada, the Personal Information Protection and Electronic Documents Act ("PIPEDA") and, if you are in Quebec, An Act Respecting the Protection of Personal Information in the Private Sector as amended by Law 25, provide you with additional protections:

  • Consent: We collect, use, and disclose your personal information with your knowledge and consent, except where permitted or required by law. You may withdraw your consent at any time, subject to legal or contractual restrictions, by contacting us.
  • Your Rights Under PIPEDA: You have the right to: access your personal information held by us; challenge the accuracy and completeness of your information and have it amended as appropriate; and know how your information is being used and to whom it has been disclosed.
  • Quebec Residents, Additional Rights (Law 25): If you are a Quebec resident, you also have the right to: data portability in a commonly used technological format; request de-indexing of any hyperlink attached to your name that provides access to your information if it violates the law or a court order; and be informed of any automated decision-making and the reasons behind decisions made exclusively by automated processing.
  • Privacy Impact Assessments: As required by Quebec Law 25, we conduct privacy impact assessments before transferring personal information of Quebec residents outside of Quebec, including an evaluation of the legal framework of the receiving jurisdiction.
  • Cross-Border Transfers: We will inform you that your personal information may be transferred outside of Canada for processing and may be subject to the laws of the jurisdictions where it is processed. We ensure that contractual or other measures are in place to provide a comparable level of protection.
  • Supervisory Authorities: You may lodge a complaint with the Office of the Privacy Commissioner of Canada or, for Quebec residents, the Commission d'acces a l'information du Quebec.

17. Australian Users (Privacy Act)

If you are located in Australia, the Privacy Act 1988 and the Australian Privacy Principles ("APPs") provide you with additional protections:

  • Collection: We only collect personal information that is reasonably necessary for our functions and activities. We collect information by lawful and fair means and, where reasonable and practical, directly from you.
  • Your Rights Under the Privacy Act: You have the right to: access your personal information held by us; request correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading information; and make a complaint about a breach of the APPs.
  • Cross-Border Disclosure: Before disclosing your personal information to overseas recipients, we take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to your information. Your data may be transferred to the countries listed in Section 5 where our infrastructure providers operate. These countries include the United States, countries in the European Union, Singapore, and other jurisdictions where our servers are located.
  • Direct Marketing: You may opt out of receiving direct marketing communications from us at any time by using the unsubscribe mechanism in our emails or by contacting us.
  • Supervisory Authority: You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

18. UAE Users (PDPL)

If you are located in the United Arab Emirates, the Federal Decree-Law No. 45/2021 on the Protection of Personal Data ("PDPL") provides you with the following rights and protections:

  • Legal Basis for Processing: We process personal data of UAE residents based on: (a) your consent; (b) necessity for performance of a contract; (c) compliance with legal obligations under UAE law; (d) protection of vital interests; or (e) legitimate interests that do not override your rights.
  • Your Rights Under UAE PDPL: You have the right to: access your personal data; request correction of inaccurate data; request deletion or restriction of processing; request cessation of automated processing and profiling; data portability; and object to processing.
  • Cross-Border Transfers: Transfer of personal data outside the UAE is conducted in compliance with the PDPL and any regulations issued by the UAE Data Office, including ensuring that the recipient jurisdiction provides adequate data protection or that appropriate safeguards are in place.
  • Content Compliance: Users in the UAE acknowledge that all content uploaded, stored, or transferred through the Service must comply with applicable UAE laws, including regulations governing public morals, decency, and public order.
  • Supervisory Authority: You may lodge a complaint with the UAE Data Office.

19. Saudi Arabian Users (PDPL)

If you are located in the Kingdom of Saudi Arabia, the Personal Data Protection Law ("PDPL") provides you with the following rights:

  • Consent: We obtain your consent before collecting and processing your personal data, unless an exemption under the PDPL applies (such as contractual necessity, legal obligation, or vital interests).
  • Your Rights Under Saudi PDPL: You have the right to: be informed about the purpose and legal basis for processing; access your personal data; request correction of inaccurate data; request destruction of data that is no longer needed; and withdraw your consent at any time.
  • Cross-Border Transfers: Transfer of personal data outside the Kingdom is conducted in accordance with the PDPL and its implementing regulations, including ensuring adequate protections in the receiving jurisdiction as approved by the Saudi Authority for Data and Artificial Intelligence (SDAIA).
  • Sensitive Data: We do not process sensitive personal data of Saudi residents (including health data, genetic data, or data revealing racial or ethnic origin) unless strictly necessary and with your explicit consent.
  • Supervisory Authority: You may lodge a complaint with the Saudi Authority for Data and Artificial Intelligence (SDAIA).

20. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required by GDPR or other applicable law.
  • Notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms, providing information about the nature of the breach, the likely consequences, and the measures we have taken or propose to take to address it.
  • Comply with jurisdiction-specific breach notification timelines, including but not limited to: KVKK (Turkey), LGPD (Brazil), PIPA (South Korea), DPDPA (India), and PIPEDA (Canada), each of which may impose specific notification requirements.
  • Document all breaches, including those that do not require notification, along with their effects and the remedial action taken.

21. Children's Privacy

dosya.dev is not intended for children. The minimum age to use our Service varies by jurisdiction:

  • General: 16 years of age
  • United States (COPPA): 13 years of age
  • India (DPDPA): 18 years of age
  • South Korea (PIPA): 14 years of age (with parental consent)

We do not knowingly collect personal information from children below the applicable minimum age in their jurisdiction. If we become aware that we have collected personal data from a child without appropriate parental or guardian consent where required, we will take steps to delete that information promptly. If you believe we may have collected information from a child, please contact us at privacy@dosya.dev.

22. Third-Party Links and Services

Our platform may contain links to third-party websites, services, or integrations that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We strongly advise you to review the privacy policy of every site you visit.

23. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date at the top. For significant changes, we will provide a more prominent notice, such as an email notification or an in-app banner, at least 30 days before the changes take effect.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

24. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: