PRIVACY POLICY
Last Updated: Jun 15, 2024
1. Introduction
1.1. Welcome to [Company Name] ("we", "us", "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.example.com (the "Site").
1.2. By using the Site you agree to the collection and use of information in accordance with this policy.
2. Definitions
2.1. Personal Data — Any information relating to an identified or identifiable natural person.
2.2. Usage Data — Data collected automatically, e.g., device, browsing actions, IP address.
2.3. Controller — The party that determines the purposes and means of processing Personal Data.
3. Information We Collect
3.1. Information you provide directly:
- a) Account registration details (name, email, password).
- b) Profile information (username, avatar, bio).
- c) Payment information (credit/debit card details, billing address) — note: payment processors may store card details separately.
- d) Communication content (messages, support tickets, feedback).
3.2. Information collected automatically:
- a) Device & browser data (type, OS version, language).
- b) Log data (IP address, timestamps, pages visited).
- c) Cookies and similar tracking technologies.
- d) Analytics and usage statistics.
3.3. Third-party sources:
- a) Social networks (if you sign in using Facebook/Google/Apple).
- b) Advertising and analytics partners.
4. How We Collect Information
- 4.1. Directly from you when you fill forms or communicate with us.
- 4.2. Automatically via cookies, web beacons, and server logs.
- 4.3. From third parties (partners, service providers, social networks).
5. Use of Your Information
- 5.1. To provide, operate, and maintain the Site.
- 5.2. To improve, personalize, and develop new features.
- 5.3. To process transactions and manage payments.
- 5.4. To communicate with you: newsletters, marketing, service updates.
- 5.5. To detect, prevent and address technical issues, fraud, or abuse.
- 5.6. To comply with legal obligations.
6. Legal Bases for Processing (where applicable)
- 6.1. Consent — when you have given clear consent for processing.
- 6.2. Contractual Necessity — to perform a contract with you.
- 6.3. Legal Obligation — to comply with applicable law.
7. Cookies and Tracking Technologies
7.1. Types of cookies:
- a) Strictly necessary cookies — required for site operation.
- b) Performance cookies — collect anonymous usage statistics.
- c) Functional cookies — remember preferences.
- d) Advertising/targeting cookies — used for marketing.
7.2. How to control cookies:
- a) Browser settings (instructions link: [placeholder]).
- b) Cookie preference center on our Site (if available).
8. Disclosure of Your Information
8.1. We may share information with:
- a) Service providers and vendors (hosting, payment processors, analytics).
- b) Affiliates and subsidiaries.
- c) Legal authorities when required by law.
- d) In connection with a business transfer (merger, acquisition, bankruptcy).
8.2. Sale of personal data:
- a) We do / do not (choose one) sell personal data. If you wish to opt out, contact: privacy@example.com.
9. Third-Party Services and Links
9.1. The Site may contain links to third-party websites. We are not responsible for their privacy practices.
9.2. Third-party services (e.g., Google Analytics, Stripe, PayPal, social login providers) may collect data about you. Please review their privacy policies.
10. International Data Transfers
10.1. Your data may be transferred to and processed in countries other than your residence. We will take steps to ensure appropriate safeguards (e.g., Standard Contractual Clauses, Privacy Shield alternatives).
11. Data Security
11.1. We implement reasonable administrative, technical, and physical safeguards to protect Personal Data.
11.2. However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
12. Data Retention
12.1. We retain Personal Data as long as necessary for the purposes set out in this Policy or as required by law.
12.2. Typical retention periods (examples):
- a) Account information: until account deletion + 2 years.
- b) Transaction records: 6 years for tax/legal compliance.
- c) Support logs: 1 year.
13. Your Rights (where applicable)
- 13.1. Right to Access — request a copy of your data.
- 13.2. Right to Rectification — correct inaccurate data.
- 13.3. Right to Erasure (Right to be Forgotten) — request deletion, subject to exceptions.
- 13.4. Right to Restrict Processing.
- 13.5. Right to Data Portability — receive your data in a structured, commonly used format.
- 13.6. Right to Object — to processing based on legitimate interests or direct marketing.
13.7. How to exercise rights:
- a) Email: privacy@example.com
- b) Postal: [Company Address]
- c) Phone: [+00 0000 0000]
13.8. We may ask for identity verification before fulfilling requests.
14. Children’s Privacy
14.1. Our Site is not intended for children under 13 / 16 (choose appropriate age). We do not knowingly collect Personal Data from children under this age. If you believe we have collected such data, contact us to request deletion.
15. Changes to This Privacy Policy
15.1. We may update this Policy from time to time. We will notify users by posting the new Policy on this page with an updated "Effective date." Material changes may be communicated via email or in-site notice.
16. Governing Law and Dispute Resolution
16.1. Governing Law: This Policy is governed by the laws of [State/Country].
16.2. Dispute Resolution: Any disputes will be subject to the exclusive jurisdiction of the courts of [City/State/Country], or arbitration as chosen by the Company.
17. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, contact us:
- Email: privacy@example.com
- Address: [Company Address]
- Phone: [+00 0000 0000]
Appendix: Optional Clauses / Boilerplate Items
A. Data Protection Officer (DPO)
- Name: [DPO Name]
- Email: dpo@example.com
B. Additional regional notices
- California Residents: rights under the California Consumer Privacy Act (CCPA): right to know, delete, opt out of sale, non-discrimination.
- EU Residents: GDPR-specific clauses (lawful bases, Data Protection Officer, Supervisory Authority contact).
C. Automated Decision Making & Profiling
- We do / do not use automated decision-making that has legal or similarly significant effects. If we do, provide details and rights to contest decisions.
D. Retention Matrix (sample)
| Data Type | Retention Period | Purpose |
| ---------------- | ---------------------: | ---------------------- |
| Account profile | Account life + 2 years | Service & support |
| Payment records | 6 years | Legal/compliance |
| Logs & analytics | 12 months | Performance & security |