Privacy Policy

This Privacy Policy explains how personal information is collected, used, stored, shared, and protected across the Efekan ecosystem. It covers the main portfolio site, Labs projects, standalone product subdomains, and administrative or account-enabled features operated in the same system.

Some individual services may present additional in-product notices if they collect or use data in a more specific way. If that happens, the more specific notice supplements this policy.

Depending on how you use the services, the ecosystem may collect: identifiers and contact information you provide; account and authentication data; content, files, or settings you submit; device, browser, and usage data; logs and diagnostics; and browser-side storage such as cookies, local storage, or session storage used for essential product behavior.

Where a service includes sign-in, cloud sync, user preferences, game saves, uploads, playlists, or profile settings, associated data may be stored in application databases or storage buckets tied to the relevant project.

If you contact through social links, sign in, submit forms, upload assets, save project settings, create playlists, synchronize content, or otherwise send data through a feature, the information you choose to provide may be processed to operate that feature or respond to you.

You should avoid sending unnecessary sensitive personal information unless it is clearly required for the feature you are using.

Like most online services, the ecosystem may automatically collect technical and usage information such as IP-derived region, browser type, device characteristics, timestamps, referring pages, request logs, crash information, and performance telemetry.

Hosting and performance tooling may also process operational diagnostics to keep the services stable, measure performance, detect abuse, and troubleshoot errors.

The services may use cookies or similar mechanisms for session management, admin authentication, security, and feature continuity. Some projects also use local storage or session storage to remember interface state, language, theme, playback state, selected devices, cached media metadata, temporary redirects after sign-in, or other product preferences.

The ecosystem is not designed around advertising cookies. However, embedded third-party content or infrastructure providers may set or rely on their own cookies or browser storage according to their own policies.

Information may be used to deliver the services, authenticate users, save settings, sync data across devices, operate uploads, provide account functionality, maintain admin tools, secure the infrastructure, monitor performance, prevent abuse, debug issues, improve the products, and communicate in response to requests.

Where permitted by law, information may also be used to enforce terms, investigate misconduct, comply with legal obligations, and protect the rights, safety, and property of users, operators, and third parties.

Where laws such as the GDPR or similar frameworks apply, processing may rely on one or more legal bases including consent, performance of a contract or requested service, compliance with legal obligations, and legitimate interests such as maintaining security, improving reliability, and operating the ecosystem.

If processing depends on consent, you may withdraw that consent where the law gives you that right, although this will not affect processing already carried out before withdrawal.

Personal information is not sold for money. Information may be shared with service providers and infrastructure partners only as reasonably necessary to host, store, process, secure, analyze, authenticate, or operate the services.

Examples of categories of recipients may include hosting providers, database and storage providers, authentication providers, analytics or performance providers, email or communication tools, and third-party platforms integrated by a specific project.

Information may also be disclosed if required by law, to respond to lawful requests, to enforce rights, or to prevent fraud, abuse, or security incidents.

Because the ecosystem relies on cloud infrastructure and third-party providers, information may be processed in countries other than your own, including jurisdictions that may not provide the same level of legal protection as your home jurisdiction.

Where required by applicable law, reasonable steps are intended to be taken to use providers and safeguards appropriate for cross-border processing.

Information is retained for as long as reasonably necessary for the purposes described in this policy, including to operate services, maintain records, resolve disputes, enforce terms, comply with legal obligations, and protect the ecosystem.

Retention periods can vary depending on the type of information, whether you have an account, whether content remains active in a project, and whether logs or backups are still needed for operational integrity.

When information is no longer reasonably needed, it may be deleted, anonymized, or aggregated, subject to technical constraints, lawful retention needs, and backup cycles.

Reasonable technical and organizational measures are intended to be used to protect information against unauthorized access, loss, misuse, alteration, or disclosure. These measures may include access controls, authentication, service-provider restrictions, infrastructure security, and limited internal access on a need-to-know basis.

No internet or cloud-based system can be guaranteed completely secure, so absolute security cannot be promised.

Depending on your location and the law that applies, you may have rights to request access to personal information, correction of inaccurate information, deletion, restriction of processing, objection to certain processing, portability, or withdrawal of consent.

California residents may also have privacy rights under California law, and individuals in the EU, EEA, or UK may have rights under data protection law applicable to them.

Requests will be evaluated and responded to in line with applicable law, and reasonable verification may be required before acting on a request.

The services are not intended to knowingly collect personal information from children in violation of applicable law. If you believe personal information from a child has been provided improperly, contact through the public contact methods on the site so the issue can be reviewed.

Where a feature appears in an experimental or game-oriented context, that does not change the expectation that any collection of personal information must still comply with applicable child-privacy rules.

Certain projects may connect to or embed third-party services, media, APIs, or platforms. Those third parties may independently receive technical information when you interact with their content.

Their data practices are governed by their own privacy notices and terms, not this policy.

This Privacy Policy may be updated from time to time to reflect changes in law, infrastructure, providers, products, and data practices. The published "Last updated" date reflects the most recent revision.

Continued use of the services after an update means the revised policy applies to future use to the extent permitted by law.

If you have questions about this policy or want to make a privacy-related request, use the public contact methods or social/contact links listed on efekan.xyz and identify the relevant service, subdomain, or account where possible.

If you are requesting access, correction, or deletion, include enough detail to help locate the relevant records and verify that the request is legitimate.