Privacy Policy for Envolya

Last Updated: 01/31/25

1. Data Controller

Envolya
Email: [email protected]

2. Information We Collect

Account Creation:

• Name (as provided by you)
• Email address

Authentication:

If you use Google OAuth, we receive your name and email from Google (we do not access your Google password or other profile data).

3. How We Use Your Data

• To create and manage your account.
• To enable you to send/receive virtual letters.
• To communicate with you (e.g., account notifications, password resets).
• To comply with legal obligations.

4. Legal Basis (GDPR)

We process your data based on:

• Contractual necessity: To provide the service you requested.
• Legitimate interest: For security and fraud prevention.
• Consent: For optional features (if any).

5. Data Retention

We retain your data:

• Until you delete your account.

6. Cookies

We use strictly necessary cookies:

• Session cookies: To keep you logged in.
• Security cookies: To prevent CSRF attacks.

No consent is required for these cookies.

7. Your GDPR Rights

You have the right to:

• Access, correct, or delete your data.
• Restrict processing or object to processing.
• Data portability (receive your data in a machine-readable format).
• Withdraw consent (if applicable).

To exercise these rights, contact us at [email protected].

8. Data Security

• All data is encrypted in transit (SSL/TLS).
• Password hashes (if using credentials).
• Regular security audits.

9. Third-Party Services

Google OAuth: Authentication via Google is optional. Your use of Google OAuth is governed by Google’s Privacy Policy.

We do not share your data with advertisers, analytics tools, or other third parties.

10. Children’s Privacy

Our service is not intended for users under 13. If we learn that a child under 13 has provided personal data, we will delete it promptly.

11. Changes to This Policy

We will notify users of material changes via email or a website notice.

12. Contact

For questions or data requests, contact: [email protected]