Data Collection, Storage & Protection Policy

1. Types of Data Collected

• Personal Identifiable Information (PII): name, contact, email, etc.

• Non-Personal / Technical Data: IP address, browser, device, navigation.

2. Methods of Collection

• Directly from users via registration, forms, and applications.

• Automatically through site usage (cookies, logs).

• Possibly from third parties with user consent or via integrations.

3. Data Storage

• Data is stored on secure servers (cloud or on-premises) with regular backups.

• Backups are encrypted and stored separately.

• Only authorized personnel have access.

4. Data Protection Measures

• SSL/TLS encryption for data transmission.

• Encryption at rest for sensitive data.

• Regular software updates and security patches.

• Intrusion detection, firewall, and malware protection.

• Access controls and role-based permissions.

• Audit trails and logs of access and changes.

5. Incident Response

In case of a data breach, affected users and authorities will be notified as required by law. Steps will be taken to mitigate damage, investigate, and prevent recurrence.

6. Data Deletion / Anonymization

When data is no longer needed, it will be securely erased or anonymized, including deletion from backups as per policy.