Policy version 2026-06-01.
This is a placeholder. Replace with your organisation's GDPR privacy notice before going live. It should state the data controller, the lawful basis for processing, what data is collected, retention periods, that files are encrypted at rest (AES-256/XChaCha20-Poly1305) and in transit (TLS), and how to exercise data-subject rights (access, portability, erasure) via the in-app Privacy page.
← BackConfidential data is encrypted at rest. Never share your password.