Privacy Policy
1. Introduction
At One Sentence Diary (onesentencediary.com), we are steadfastly committed to protecting and respecting your privacy. Our approach to data processing is grounded in transparency, control, and compliance, with a strong emphasis on safeguarding your personal information in accordance with leading international privacy laws and regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines how we collect, use, store, and share your information and the rights you have in relation to your personal data.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users of the website onesentencediary.com (hereinafter referred to as “the Site”), and to all personal information collected through or in connection with the Site and related services. For the purposes of applicable data protection laws, One Sentence Diary acts as the Data Controller, meaning we are responsible for determining the purposes and means by which your personal data is processed. If you have any questions regarding this policy or your data, please contact us at [email protected].
3. Categories of Data Processed
We may collect and process the following categories of personal data:
a. Usage Data
Includes details about how you access and interact with the Site, including your browser type and version, IP address, time zone settings, pages visited, referring pages, and session logs.
b. Account Data
Includes your name, email address, mailing address, telephone number, and any information you submit when registering for a user account on the Site.
c. Profile Data
Includes details about your diary entries, preferences, purchase history, and behavioral usage patterns tied to site features and content.
d. Communication Data
Includes records of correspondence with you, including customer service interactions, technical support enquiries, feedback submissions, and other direct communications.
e. Technical Data
Includes your device’s operating system, platform information, device identifiers, language settings, screen resolution, and system configuration.
f. Transaction Data
Includes information about services or products you have purchased, order details, billing addresses, payment confirmations, and delivery data.
g. Preference Data
Includes your choices regarding marketing communications, notification settings, content filtering preferences, and expressed product or service interests.
4. Legal Bases for Processing
We process your personal data as permitted under applicable laws, relying on the following legal justifications:
– Contractual Necessity: To perform our obligations under a contract with you (e.g., providing access to your user account or fulfilling an order).
– Consent: To the extent you have given clear, informed consent for specific processing activities such as marketing.
– Legitimate Interests: To manage and improve our services, prevent fraud, safeguard information system integrity, and ensure optimal user experiences, provided these interests are not overridden by your fundamental rights and freedoms.
– Legal Obligation: To comply with legal or regulatory obligations including data retention, dispute resolution, and enforcement responsibilities.
5. Your Rights Under GDPR and CCPA
You have the following rights in respect of your personal data:
– Right to Access: To obtain confirmation of whether your data is being processed and to access it.
– Right to Rectification: To correct any inaccurate or incomplete personal data we hold.
– Right to Erasure (“Right to be Forgotten”): To request deletion of your personal data where permissible by law.
– Right to Restriction of Processing: To limit how we process your information in specific circumstances.
– Right to Data Portability: To receive your personal data in a structured, commonly used, machine-readable format, and to transmit it to another controller.
– Right to Object: To object to certain processing based on legitimate interest or direct marketing.
– Right Not to Be Subject to Automated Decision-Making: You have the right to avoid decisions based solely on automated processing where such decision significantly affects you.
California residents may additionally request:
– Disclosure of the categories and specific pieces of personal information collected.
– Details regarding the sources of collection and purposes of processing.
– Information about third parties with whom data is shared or sold, if applicable.
– The ability to opt out of the sale of personal information.
– The right not to be discriminated against for exercising privacy rights.
To exercise any of these rights, you may contact us at [email protected]. We may require verification of your identity prior to fulfilling certain requests.
6. Security Measures
We implement appropriate technical and organizational safeguards to maintain the confidentiality, integrity, and availability of your personal data. These include, but are not limited to:
– Data encryption both at rest and in transit
– Role-based access controls and authentication mechanisms
– Secure data storage and regular system backups
– Employee access restricted to the principle of least privilege
– Ongoing staff training in data protection and cybersecurity best practices
While no method of transmission or storage is ever completely secure, we diligently work to prevent unauthorized access, disclosure, alteration, or destruction.
7. International Transfers
Your personal data may be transferred to, stored in, or processed within jurisdictions outside of your country of residence. In circumstances where such transfers occur, we rely on standard contractual clauses approved by the European Commission or other legally recognized mechanisms to ensure an adequate level of data protection consistent with your rights and our obligations under applicable law.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, regulatory, or contractual requirements. Retention periods are as follows:
– Account Data: Retained for the duration of your engagement with onesentencediary.com, and for up to two years thereafter.
– Transaction Data: Retained for seven years for tax and accounting compliance.
– Communication Data: Retained for three years after final contact.
– Technical and Usage Data: Retained for twelve months for analytics and system optimization.
– Preference Data: Retained so long as your user account is active or until revoked.
Upon expiration of applicable retention periods, data is securely deleted or anonymized.
9. Cookie Policy
We use cookies and similar technologies to enhance user experience and improve our Site functionality. Cookies may be:
– Essential: Required to enable core functionality of the Site, such as content rendering and security validation.
– Functional: Facilitate user preferences or session persistence (e.g., remembering a selected theme).
– Analytics: Monitor performance through anonymized statistics in order to optimize usability and content.
– Performance: Help us test and improve loading speeds and user interaction metrics.
These cookies may be first-party or set by trusted third-party providers.
10. Cookie Management and Compliance
In compliance with GDPR and CCPA regulations, users of onesentencediary.com can manage their cookie preferences via the Site’s cookie banner or settings panel. You may accept or decline non-essential cookies, and the Site will honor “Do Not Track” (DNT) signals where commercially feasible. Additionally, most browsers allow you to disable or manage cookies via browser settings.
11. Children Under 13
The services and content of onesentencediary.com are not designed or intended for individuals under the age of 13. We do not knowingly collect personal information from children. If we become aware that we have knowingly received data from a child under 13, we will take reasonable steps to delete such information promptly. Parents or guardians who believe their child has provided information may contact us at [email protected] for immediate assistance.
12. Policy Updates and User Notifications
We may amend this Privacy Policy from time to time to reflect changes in applicable law, regulations, or our practices. When updates are made, they will be posted on the Site, and material changes will be communicated by suitable means. Continued use of the Site following changes constitutes acceptance of the updated Policy. We encourage you to review this document periodically.
13. Contact
For any inquiries, concerns, or requests relating to your personal data or this Privacy Policy, please contact:
Email: [email protected]
We are committed to compliance and transparency and will respond to your data protection queries in a timely and informed manner.