Privacy Policy

1. Introduction

Welcome to Expiry Keeper. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our document expiry tracking service.

This Privacy Policy applies to all users of Expiry Keeper and complies with the General Data Protection Regulation (GDPR) for users in the European Union and other applicable privacy laws.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you voluntarily provide when using our Service:

• Account Information: Name, email address, password (encrypted), and profile details
• Document Data: Document names, expiry dates, categories, notes, and any other information you choose to add
• Payment Information: For premium subscriptions, we collect payment information through our third-party payment processor
• Communications: Any messages, feedback, or support requests you send to us

2.2 Information Automatically Collected

When you use our Service, we automatically collect certain information:

• Usage Data: Pages visited, features used, time spent on the Service, and interaction patterns
• Device Information: Device type, operating system, browser type and version, IP address, and unique device identifiers
• Analytics Data: We use third-party analytics services to understand how users interact with our Service
• Cookies and Similar Technologies: We use cookies and similar tracking technologies to enhance your experience

3. How We Use Your Information

We use the collected information for the following purposes:

• Provide and Maintain the Service: To operate, maintain, and improve Expiry Keeper's features and functionality
• Send Notifications: To send you email notifications about upcoming document expiries and important updates
• Process Payments: To process subscription payments and manage billing
• Customer Support: To respond to your inquiries, provide support, and troubleshoot issues
• Analytics and Improvement: To analyze usage patterns and improve our Service
• Security and Fraud Prevention: To detect, prevent, and address security issues and fraudulent activity
• Legal Compliance: To comply with legal obligations and enforce our Terms of Service
• Communication: To send you service-related announcements, updates, and promotional content (you can opt out of promotional emails)

4. Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on the following legal grounds:

• Contractual Necessity: Processing is necessary to perform our contract with you (providing the Service)
• Legitimate Interests: We have legitimate interests in improving our Service, preventing fraud, and ensuring security
• Consent: For certain activities like sending promotional emails, we rely on your explicit consent
• Legal Obligations: We may process data to comply with legal requirements

5. Sharing Your Information

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

5.1 Service Providers

We share data with trusted third-party service providers who help us operate the Service:

• Email Service Providers: To send notification emails and service communications
• Analytics Providers: To analyze usage patterns and improve our Service
• Payment Processors: To process subscription payments (for premium users)
• Cloud Infrastructure: To host and store your data securely

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, or government regulations).

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new owner. We will notify you of any such change and provide options regarding your data.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption: Data is encrypted in transit using SSL/TLS and at rest using industry-standard encryption
• Access Controls: Strict access controls limit who can access your data
• Secure Infrastructure: We use reputable cloud infrastructure providers with robust security measures
• Regular Security Audits: We conduct regular security assessments and updates

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Active Accounts: We retain your data while your account is active and you continue to use the Service
• Deleted Accounts: When you delete your account, we retain your data for 90 days to allow for account recovery in case of accidental deletion. After 90 days, your data is permanently deleted from our systems.
• Legal Requirements: We may retain certain data for longer periods if required by law or to resolve disputes
• Analytics Data: Aggregated, anonymized analytics data may be retained indefinitely for statistical purposes

8. Your Rights and Choices

You have certain rights regarding your personal data. Depending on your location, these may include:

8.1 Access and Portability

You have the right to access your personal data and request a copy in a structured, commonly used format.

8.2 Correction

You can update or correct your account information at any time through the Service settings. If you need assistance, contact us at [email protected].

8.3 Deletion

You can delete your account at any time through the Service settings. Upon deletion, your data will be retained for 90 days and then permanently deleted.

8.4 Objection and Restriction

You have the right to object to certain processing of your data and request restriction of processing in certain circumstances.

8.5 Withdraw Consent

Where we rely on your consent to process data, you can withdraw consent at any time. This includes opting out of promotional emails by clicking the unsubscribe link in any email or updating your notification preferences.

8.6 GDPR Rights (EU Users)

If you are in the European Union, you have additional rights under GDPR, including:

• Right to lodge a complaint with a supervisory authority
• Right to data portability
• Right to be forgotten (erasure) in certain circumstances
• Right to object to automated decision-making

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and collect usage data:

• Essential Cookies: Required for the Service to function properly (e.g., authentication, security)
• Analytics Cookies: Help us understand how users interact with the Service
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of the Service.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your jurisdiction.

When we transfer data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission (for EU users) or other legally compliant mechanisms.

11. Children's Privacy

Expiry Keeper is not intended for users under the age of 16. We do not knowingly collect personal information from children under 16.

If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information as quickly as possible. If you believe we have collected data from a child under 16, please contact us immediately at [email protected].

12. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify you of any material changes by:

• Posting the updated Privacy Policy on this page with a new "Last updated" date
• Sending you an email notification (for significant changes)
• Displaying a prominent notice in the Service

Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

15. Data Protection Officer

For GDPR-related inquiries, you can contact our data protection officer at [email protected] with the subject line "GDPR Inquiry" or "Data Protection Officer."