This Privacy Policy ("Policy") describes how Homeopathic Solutions ("we", "us", "our", "the Service") collects, processes, stores, and protects personal data of users ("you", "User") in accordance with applicable data protection legislation, including the EU General Data Protection Regulation (GDPR) 2016/679.

By accessing or using the Service, you acknowledge that you have read and understood this Policy and consent to the processing of your personal data as described herein.

• Personal data — any information that identifies or can identify a natural person, directly or indirectly.
• Processing — any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
• Data controller — the entity that determines the purposes and means of processing personal data — in this case, the Homeopathic Solutions administration.
• Data subject — a natural person whose personal data is processed by the Service — i.e., the User.

Depending on how you interact with the Service, we may collect the following categories of data:

When you register for an account, we collect:

• Email address (required, used as the primary identifier).
• Username (required, unique display name).
• First name and last name (optional).
• Timezone preference (optional, used to display dates correctly).
• Language preference — English, Ukrainian, or Russian (optional).
• Account creation and last-modified timestamps.
• Email verification status.

When you submit a support request or feedback form, we collect:

• Name and email address provided in the form.
• Issue type and priority level.
• URL of the page the request is related to.
• Message text.
• Screenshot or attachment (if voluntarily provided).
• IP address of the submitter (collected automatically).
• Browser user-agent string (collected automatically).
• Date and time of submission.

When you access the Service, our servers automatically record:

• IP address and approximate geographic location derived from it.
• Browser type, version, and operating system.
• Referring URL and pages visited within the Service.
• Date and time of each request.

We do not collect sensitive categories of personal data, including health records, financial information, biometric data, or precise real-time geolocation. The Service is a reference platform and does not require such data to operate.

We process your personal data only for specific, explicit, and legitimate purposes:

• Account management — to create and maintain your account, authenticate you, and send service notifications (e.g. email verification).
• Personalisation — to apply your language and timezone preferences throughout the Service.
• Support & communication — to process your support requests, respond to enquiries, and resolve technical issues.
• Security & abuse prevention — to detect, investigate, and prevent fraudulent or unauthorised activity, including spam and malicious requests.
• Service improvement — to analyse usage patterns, diagnose technical problems, and improve the platform based on aggregated, anonymised statistics.
• Legal compliance — to fulfil our obligations under applicable law and respond to lawful requests from authorities.

For users in the European Union and European Economic Area, we process personal data on the following legal bases under Article 6 of the GDPR:

• Contractual necessity (Art. 6(1)(b)) — processing required to provide account services and respond to support requests.
• Legitimate interests (Art. 6(1)(f)) — processing for security purposes, fraud prevention, and service analytics, provided these interests are not overridden by your rights.
• Legal obligation (Art. 6(1)(c)) — processing necessary to comply with legal requirements applicable to the Service.
• Consent (Art. 6(1)(a)) — where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy or as required by law.

• Account data — retained for the duration of your account and for up to 3 years after account deletion, unless a shorter period is required by law.
• Support requests — retained for up to 2 years after the ticket is resolved, to enable quality control and reference in case of follow-up enquiries.
• Technical logs — server logs, including IP addresses, are retained for up to 90 days for security and diagnostic purposes, after which they are deleted or anonymised.

After the retention period expires, data is securely deleted or irreversibly anonymised.

We do not sell, rent, or trade your personal data. We may share data only in the following limited circumstances:

• Service providers — trusted third-party vendors who assist in operating the Service (e.g. hosting, email delivery), bound by data processing agreements and prohibited from using data for independent purposes.
• Legal requirements — when required to do so by law, court order, or governmental authority, we may disclose data to the extent necessary to comply.
• Protection of rights — in cases where disclosure is necessary to protect the legal rights, safety, or property of the Service, its users, or the public.

We do not transfer personal data to advertising networks or use it for behavioural profiling.

The Service uses cookies and similar browser storage technologies to maintain your authenticated session and apply your preferences.

• Session cookies — essential for keeping you logged in during a browsing session. Deleted when you close your browser.
• Persistent preference cookies — store your language and display preferences across sessions. Retained until cleared by you or expired.
• CSRF protection tokens — security tokens required to protect form submissions from cross-site request forgery attacks.

7.2 We do not use third-party tracking cookies, advertising cookies, or analytics cookies from external providers. You may disable cookies in your browser settings; however, some features of the Service may not function correctly without them.

If your data is transferred outside your country of residence, including outside the European Economic Area, we ensure an adequate level of protection through:

• Standard Contractual Clauses approved by the European Commission.
• Adequacy decisions covering the destination country.
• Other legally recognised transfer mechanisms under applicable law.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of access — to obtain a copy of the personal data we hold about you.
• Right to rectification — to request correction of inaccurate or incomplete data.
• Right to erasure — to request deletion of your personal data, subject to legal retention obligations.
• Right to restriction — to request that we limit processing of your data in certain circumstances.
• Right to data portability — to receive your data in a structured, machine-readable format (where technically feasible).
• Right to object — to object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent — to withdraw consent at any time where processing is based on consent, without affecting prior processing.
• Right to lodge a complaint — to file a complaint with a supervisory authority if you believe your data protection rights have been violated.

To exercise any of these rights, please contact us using the details in Section 13. We will respond within 30 calendar days.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure, including:

• Encrypted data transmission via HTTPS/TLS.
• Password hashing using industry-standard algorithms.
• Access controls that limit data access to authorised personnel only.
• Regular security monitoring and vulnerability assessments.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected users without undue delay.

The Service is intended for users aged 16 and over. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately and we will delete the relevant data.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated at least 14 calendar days in advance via email or a prominent notice on the platform. The "Effective date" at the top of this page indicates when the current version entered into force. Continued use of the Service following notification constitutes acceptance of the revised Policy.

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

If you are located in the EU/EEA and believe that our processing of your data infringes the GDPR, you have the right to lodge a complaint with your local data protection supervisory authority.