Effective Date: February 2026
This Privacy Policy describes how personal data is processed and protected in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and, where applicable, the California Consumer Privacy Act (CCPA).
1. Data Controller
In accordance with GDPR Article 4(7), you are the sole Data Controller, exercising full authority over the purposes and means of processing personal data.
2. Scope of Data Processing
Personal data processed under this policy consists solely of data voluntarily created or provided by you for your own use.
No data is collected from third parties, public sources, or automated tracking technologies.
3. Lawful Basis for Processing
Personal data is processed in compliance with GDPR Article 6(1) based on one or more of the following lawful bases:
- Article 6(1)(a) — Consent: You explicitly consent to the processing of your own data.
- Article 6(1)(f) — Legitimate Interest: Processing is necessary for your legitimate interest in storing and managing your own data.
4. Data Storage and Security Measures
In compliance with GDPR Article 32, appropriate technical and organizational measures are implemented to ensure a level of security appropriate to the risk, including:
- Encryption of stored data
- Exclusive storage on a local server
- No cloud-based infrastructure
- No remote access or third-party hosting
5. Data Access and Confidentiality
In accordance with GDPR Articles 5(1)(f) (integrity and confidentiality) and 32, access to personal data is strictly limited to you.
No personal data is accessed, processed, disclosed, or made available to:
- Third parties
- Service providers or processors
- Analytics or advertising services
- External platforms or vendors
6. Data Sharing, Sale, and Disclosure
Personal data is not sold, not shared, not licensed, and not disclosed to any third party.
For the purposes of CCPA Section 1798.140, personal data is not sold or shared, and no such activity will occur in the future.
7. Data Subject Rights
Where applicable under GDPR Chapter III (Articles 12–23), you retain full control over your personal data, including the right to:
- Access (Article 15)
- Rectification (Article 16)
- Erasure / Right to be Forgotten (Article 17)
- Restriction of Processing (Article 18)
- Data Portability (Article 20)
- Object to Processing (Article 21)
As the sole data subject and controller, these rights are exercised directly by you.
8. Data Retention
In accordance with GDPR Article 5(1)(e) (storage limitation), personal data is retained only for as long as you choose to store it. No automated retention or deletion schedules are enforced.
9. International Data Transfers
In compliance with GDPR Chapter V (Articles 44–50), no personal data is transferred outside of its local storage environment or to third countries or international organizations.
10. Changes to This Policy
This Privacy Policy may be updated periodically. Any changes will be reflected by an updated effective date.