1. Introduction and scope

1.1. This Privacy Policy (the "Policy") describes what data we collect, how we use it, and how we protect it when providing the Palert service (the "Service", "we", "Operator").

1.2. The Policy applies to the website, web app, and other Palert digital products, as well as interactions with users in different jurisdictions.

1.3. We aim to comply with applicable data protection laws, including the GDPR (EU), UK GDPR, CCPA/CPRA (California), and other laws that apply in your country of residence.

2. What data we collect

2.1. Depending on how you use the Service, we may collect:

• contact and account data (name, email, phone number, profile data);
• account and authentication data (account ID, password hash, settings);
• technical and usage data (IP address, device type, browser, event logs, access times);
• transaction and payment data (amounts, currency, payment status; payment details are processed by payment providers and may not be stored by us);
• content and data you add to the Service (for example, watchlists, alerts, support requests).

3. How we use data

3.1. We use data to:

• provide and administer the Service, including registration, authentication, and support;
• process requests and inquiries;
• send service notifications and messages related to the Service;
• analyze and improve functionality and security;
• comply with legal obligations and protect rights and interests.

3.2. Marketing messages are sent only with your consent or as permitted by law; you can opt out at any time.

4. Legal bases for processing (GDPR)

4.1. For users in the EEA and the UK, we process data on the following bases:

• contract performance (providing the Service);
• consent (for example, marketing or optional cookies);
• legal obligation (tax and accounting requirements);
• legitimate interests (security, abuse prevention, analytics), where they do not override your rights.

5. Cookies and similar technologies

5.1. We use cookies and similar technologies for site operation, analytics, and personalization.

5.2. Cookie categories:

• strictly necessary (enable site operation);
• functional (remember settings);
• analytics (help improve the Service);
• marketing (used for advertising purposes, if applicable).

5.3. Users in the EEA/UK can give or withdraw consent for non-essential cookies via the banner or browser settings.

5.4. Disabling cookies may limit certain features.

6. Sharing data with third parties

6.1. We may share data with service providers that help us deliver the Service (hosting, analytics, email, support, payments).

6.2. We may disclose data if required by law, a government request, or to protect rights and safety.

6.3. In the event of a business reorganization, data may be transferred to a successor subject to legal requirements.

6.4. We require recipients to keep data confidential and secure.

7. International data transfers

7.1. Your data may be processed in countries where our contractors or infrastructure are located.

7.2. For transfers from the EEA/UK, we use lawful safeguards, including Standard Contractual Clauses (SCCs) or other applicable tools.

7.3. You can request information about safeguards using the contact details below.

8. Your rights

8.1. You may request access, correction, deletion, restriction of processing, data portability, object to processing, and withdraw consent.

8.2. Users in the EEA/UK also have the right to lodge a complaint with a data protection authority.

8.3. California users (CCPA/CPRA) have the right to know what data is collected and disclosed, request deletion or correction, opt out of the "sale" or "sharing" of data for targeted advertising (if applicable), and not be discriminated against for exercising their rights.

8.4. To exercise your rights, contact us using the details below; we may verify your identity.

9. Data retention

9.1. We retain personal data for as long as necessary for processing purposes, account management, and legal compliance.

9.2. After the purposes are fulfilled, data is deleted or anonymized unless longer retention is required by law.

10. Security

10.1. We use organizational and technical security measures, including access control, encryption, and backups.

10.2. Despite these measures, no method of transmission or storage can be guaranteed secure.

11. Children

11.1. The Service is not intended for users under 13, and for users in the EEA/UK under 16, unless allowed by law.

11.2. If we learn that we processed a child's data without the required consent, we will delete it.

12. Contact

12.1. For data-related questions, contact us at policy@palert.io.