سياسة الخصوصية

This section describes the categories of personal information, personally identifiable information, technical data, usage data, and other information (collectively, "Data") that NotPanel (the "Company," "we," "us," or "our") may collect from you (the "User," "you," or "your") in connection with your access to and use of the NotPanel platform, website, application programming interfaces, and all related services, features, content, and functionality (collectively, the "Services"). By accessing or using the Services, you acknowledge and agree that you have read, understood, and consent to the collection, processing, storage, transfer, and use of your Data as described in this Privacy Policy, to the fullest extent permitted by applicable law.

We do NOT, under any circumstances, request, collect, store, access, or otherwise obtain your social media account passwords, login credentials, authentication tokens, access keys, or any other information that would grant us or any third party the ability to log into, control, or access your social media accounts. The only information we receive in connection with order fulfillment consists of the public uniform resource locators (URLs) and links that you voluntarily submit when placing an order through the Services.

NotPanel uses the Data collected from and about you for a variety of business and operational purposes, all of which are designed to provide, maintain, improve, and secure the Services, and to fulfill our contractual obligations to you. The specific purposes for which we process your Data include, without limitation, the following. Notwithstanding the foregoing, we will not process your Data for any purpose that is materially incompatible with the purposes described in this Privacy Policy without first providing you with notice and, where required by applicable law, obtaining your consent:

• Order processing and service delivery: To receive, validate, process, fulfill, track, and deliver the orders and service requests you submit through the Services, including the transmission of necessary order parameters to our third-party service providers, monitoring of delivery progress, handling of partial deliveries and refunds, and provision of order status updates and notifications.
• Account management and wallet operations: To create, maintain, verify, secure, and administer your user account; to manage your internal account balance (wallet), including the processing of deposits, debits, credits, refunds, and promotional adjustments; and to maintain accurate records of all financial transactions associated with your account.
• Customer support and dispute resolution: To receive, acknowledge, investigate, and respond to your customer support inquiries, service requests, complaints, bug reports, feature suggestions, and any other communications; to troubleshoot technical issues; and to resolve disputes or disagreements arising out of or related to your use of the Services.
• Fraud detection, prevention, and platform security: To detect, investigate, prevent, mitigate, and respond to fraud, unauthorized access, abuse, violations of our Terms of Service, and any other potentially harmful, illegal, or unauthorized activities; to enforce our policies and agreements; to protect the rights, property, safety, and security of NotPanel, our users, our service providers, and the general public; and to maintain the integrity and availability of the Services.
• Platform improvement and optimization: To analyze usage patterns, user behavior, feature adoption, and performance metrics in order to improve, optimize, and enhance the Services, including the development of new features and functionality, the refinement of existing features, the improvement of user interface and user experience design, and the optimization of platform performance, reliability, and scalability.
• Communications and notifications: To send you transactional communications, including but not limited to order confirmations, delivery status updates, payment receipts, refund notifications, account security alerts, password reset instructions, and other important account-related notifications; and to communicate service announcements, maintenance schedules, policy changes, and other operational information relevant to your use of the Services.
• Legal compliance and regulatory obligations: To comply with applicable laws, regulations, legal processes, governmental requests, court orders, subpoenas, and other legal obligations; to establish, exercise, or defend legal claims; to respond to lawful requests from public authorities, including law enforcement and national security agencies; and to maintain records as required by applicable financial, tax, and commercial regulations.
• Analytics and statistical research: To conduct aggregated, anonymized, or de-identified statistical analysis and research for internal business purposes, including understanding market trends, user demographics, service popularity, and platform usage patterns. Such aggregated or anonymized data does not identify you personally and is not subject to the restrictions applicable to personal information under this Privacy Policy.

NotPanel does not, has not, and will not sell, rent, lease, trade, exchange, transfer, distribute, disclose, or otherwise make available for monetary or other valuable consideration any personal information, personally identifiable information, user data, behavioral data, browsing history, or any other Data collected from or about you to any third party, advertiser, data broker, marketing company, or any other entity for any purpose whatsoever, except as specifically and explicitly described in this Privacy Policy.

Notwithstanding the foregoing commitment, we may share, disclose, or otherwise make available limited categories of your Data with or to certain third parties under the specific circumstances described below. In each case, we share only the minimum amount of information necessary to accomplish the stated purpose, and we require all third-party recipients to handle your Data in accordance with applicable data protection laws and, where feasible, contractual data protection obligations:

• Third-party service providers (fulfillment partners): In order to fulfill the orders you place through the Services, we transmit limited order-specific data to our third-party service providers (each, a "Provider"). The information shared with Providers is strictly limited to the social media URL or link you provided and the requested quantity or service parameters. We do NOT share, transmit, or disclose your personal information, including but not limited to your name, email address, IP address, account details, payment information, or any other personally identifiable information, with any Provider under any circumstances. Providers receive only the technical parameters necessary to complete the specific service delivery and nothing more.
• Payment processors and financial service providers: When you make a deposit or payment through the Services, certain transaction-related information is transmitted to our third-party Payment Processors solely for the purpose of processing and completing the financial transaction. Payment Processors are independent data controllers that operate under their own privacy policies, terms of service, and data handling practices. We encourage you to review the privacy policies of our Payment Processors before initiating any transaction. NotPanel is not responsible for the privacy practices, data security measures, or data handling procedures of any third-party Payment Processor.
• Analytics and performance monitoring services: We utilize Google Analytics and similar third-party analytics services to collect and analyze anonymized, aggregated usage data for the purpose of understanding user behavior patterns, improving platform performance, and enhancing the overall user experience. These analytics services may use cookies and similar tracking technologies to collect information about your interactions with the Services. Where possible, we configure these services to anonymize or pseudonymize your IP address and other potentially identifying information before processing. You may opt out of Google Analytics data collection by installing the Google Analytics Opt-out Browser Add-on.
• Legal authorities and regulatory bodies: We may disclose your Data to law enforcement agencies, regulatory authorities, courts, tribunals, governmental bodies, or other authorized third parties when we believe in good faith that such disclosure is necessary to: (a) comply with applicable laws, regulations, legal processes, or enforceable governmental requests; (b) respond to valid subpoenas, court orders, or other legal instruments; (c) protect the rights, property, or safety of NotPanel, our users, or the public; (d) detect, prevent, or address fraud, security issues, or technical problems; or (e) enforce our Terms of Service, this Privacy Policy, or any other agreement between you and NotPanel.
• Business transfers, mergers, and acquisitions: In the event that NotPanel undergoes, or is involved in, a merger, acquisition, consolidation, reorganization, sale of assets, joint venture, assignment, transfer, financing, or other disposition of all or any portion of our business, assets, or equity interests (whether by operation of law or otherwise), your Data may be among the assets transferred, assigned, or disclosed in connection with such transaction. In such event, we will require the acquiring entity or successor organization to honor the commitments made in this Privacy Policy, or we will notify you and provide you with the opportunity to exercise your rights under applicable data protection laws before any material changes take effect.
• Professional advisors and consultants: We may share your Data with our professional advisors, including but not limited to attorneys, accountants, auditors, insurers, and financial advisors, to the extent reasonably necessary for the purpose of obtaining professional advice, conducting audits, ensuring regulatory compliance, or defending legal claims, provided that such advisors are bound by professional duties of confidentiality.

NotPanel takes the security, confidentiality, and integrity of your Data extremely seriously. We have implemented and maintain a comprehensive set of technical, administrative, organizational, and physical security measures designed to protect your Data against unauthorized access, acquisition, use, disclosure, alteration, destruction, loss, or any other form of unlawful or unauthorized processing. These security measures are reviewed and updated on an ongoing basis to address evolving threats, vulnerabilities, and industry best practices. Our security measures include, without limitation:

• Transport Layer Security (TLS/HTTPS) encryption: All data transmitted between your browser or client application and our servers is encrypted using HTTPS with TLS 1.2 or higher, ensuring that your Data cannot be intercepted, read, or modified during transit by unauthorized third parties. Our SSL/TLS certificates are provisioned and automatically renewed through industry-standard certificate authorities.
• Password hashing with scrypt: All user passwords are cryptographically hashed using the scrypt key-derivation function with strong work-factor parameters before being stored in our database. Scrypt is specifically designed to be both computationally and memory-expensive, making brute-force attacks and rainbow-table attacks impractical even with specialised hardware. Passwords are never stored, logged, cached, or transmitted in plain text, reversible encryption, or any other recoverable format.
• AES-256-GCM encryption at rest for sensitive credentials: All third-party provider API keys, authentication tokens, and other sensitive credentials stored in our database are encrypted at rest using the Advanced Encryption Standard with 256-bit keys in Galois/Counter Mode (AES-256-GCM), which provides both confidentiality and authenticity guarantees. Encryption keys are managed separately from the encrypted data and are subject to strict access controls.
• Redis-backed session management with automatic expiration: User session tokens are stored in Redis, an in-memory data store, with automatic time-based expiration. Sessions are invalidated upon logout, password change, or detection of suspicious activity. Session tokens are generated using cryptographically secure random number generators and are of sufficient length to prevent guessing or brute-force attacks.
• Role-based access controls (RBAC): Access to user Data, administrative functions, database operations, and internal tools is restricted based on the principle of least privilege. Only authorized personnel with a demonstrated business need are granted access to systems containing user Data, and all access is logged and auditable.
• Database-level security constraints: Our database schema includes CHECK constraints, unique indexes, foreign key relationships, and other integrity mechanisms to ensure data consistency and prevent unauthorized modifications at the database level. Financial operations utilize row-level locking (SELECT FOR UPDATE) and atomic transactions to prevent race conditions and ensure data integrity.
• Regular security monitoring and assessment: We conduct regular security monitoring, vulnerability assessments, code reviews, and dependency audits to identify and remediate potential security weaknesses in our infrastructure, application code, and third-party dependencies.

Notwithstanding the security measures described above, no method of electronic transmission over the Internet and no method of electronic storage is completely secure or impervious to all threats. While we implement commercially reasonable and industry-standard security measures to protect your Data, we cannot and do not guarantee absolute security against all potential threats, including but not limited to advanced persistent threats, zero-day vulnerabilities, state-sponsored attacks, or other sophisticated attack vectors. You acknowledge and agree that you transmit your Data to us at your own risk, and you are solely responsible for maintaining the confidentiality and security of your login credentials, password, and account access information. You agree to notify us immediately at support@notpanel.com if you suspect any unauthorized access to or use of your account.

NotPanel uses cookies and similar tracking technologies (including, without limitation, HTTP cookies, local storage, session storage, and web beacons) to facilitate the proper functioning, security, and personalization of the Services. Cookies are small text files that are placed on your device or browser when you visit or interact with the Services. The specific categories of cookies and tracking technologies we employ are described below, together with their purposes and duration:

• Strictly necessary and essential cookies: These cookies are essential for the operation, security, and basic functionality of the Services and cannot be disabled without rendering the Services unusable. This category includes: authentication session tokens that maintain your logged-in state and identify you to our servers; cross-site request forgery (CSRF) protection tokens that prevent unauthorized form submissions and protect against certain types of web attacks; and other cookies necessary for the secure and reliable delivery of the Services. These cookies are set automatically when you access the Services and are deleted when you close your browser or when they reach their configured expiration time.
• Preference and functionality cookies: These cookies store your personalization preferences and settings to provide you with a customized experience when using the Services. This category includes: your theme preference (light mode or dark mode display); your language and locale preference (stored in the NEXT_LOCALE cookie); your preferred display currency; and other user interface customization settings. These cookies persist across browser sessions to ensure your preferences are maintained between visits.
• Analytics and performance cookies: We use Google Analytics cookies and similar technologies to collect anonymized, aggregated information about how users interact with and navigate the Services. This information is used exclusively for internal purposes, including understanding usage patterns, identifying popular features and content, detecting performance issues, and making data-driven decisions to improve the Services. Analytics data is processed in aggregated and anonymized form and is not used to identify individual users.

We do NOT use, deploy, or permit the use of advertising cookies, behavioral tracking pixels, social media tracking widgets, fingerprinting technologies, or any other tracking mechanism designed to monitor your browsing activity across third-party websites, build a profile of your interests or preferences for advertising purposes, or sell, share, or otherwise make available your browsing data or behavioral information to advertisers, data brokers, marketing networks, or any other third party for advertising, marketing, or profiling purposes. Your browsing activity on the NotPanel platform is never shared with advertisers or used for targeted advertising of any kind.

Most modern web browsers allow you to manage, block, or delete cookies through browser settings. Please be aware that disabling or blocking essential cookies may impair the functionality, security, and usability of the Services, and certain features may not function correctly or at all without the use of necessary cookies.

NotPanel retains your Data only for as long as is reasonably necessary to fulfill the purposes for which it was collected, to comply with our legal, regulatory, tax, accounting, and reporting obligations, to resolve disputes, to enforce our agreements, and to protect our legitimate business interests. The specific retention periods for different categories of Data are described below. Upon expiration of the applicable retention period, your Data will be securely deleted, destroyed, or irreversibly anonymized in accordance with our data retention and disposal procedures, unless a longer retention period is required or permitted by applicable law:

• Account data and profile information: Retained for the entire duration that your account remains active and in good standing. Following receipt and verification of an account deletion request, your account data and associated personal information will be permanently and irreversibly deleted from our active systems within thirty (30) calendar days. During this 30-day period, your account will be deactivated and inaccessible, but certain data may be retained in encrypted backup systems for a limited additional period as part of our standard backup rotation cycle before being permanently purged.
• Order history and service delivery records: Retained for a period of two (2) years from the date on which the order was placed, after which order records are permanently deleted or irreversibly anonymized. This retention period is necessary to support customer inquiries about past orders, facilitate refund and refill requests within applicable guarantee periods, and maintain accurate business records.
• Transaction records and financial data: Retained for a period of five (5) years from the date of the transaction, in compliance with applicable financial recordkeeping requirements, tax regulations, anti-money laundering obligations, and other regulatory mandates that require the retention of financial transaction records for specified periods. This extended retention period is a legal obligation and cannot be shortened at your request.
• Support tickets and customer correspondence: Retained for a period of one (1) year from the date on which the support ticket was closed or the correspondence was concluded, after which support records are permanently deleted or irreversibly anonymized. This retention period is necessary to provide context for follow-up inquiries, resolve recurring issues, and maintain quality assurance records.
• Server access logs and API request logs: Retained for a period of ninety (90) calendar days from the date of generation, after which log files are automatically and permanently purged from our systems. This retention period is necessary for security monitoring, abuse detection, debugging, performance analysis, and incident response purposes.
• Administrative audit logs: Retained for a period of ninety (90) calendar days from the date of the logged event, with the specific retention period configurable by authorized administrators within the range permitted by our data retention policies. Audit logs record administrative actions for security, compliance, and accountability purposes.

Subject to applicable data protection laws and regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable privacy legislation in your jurisdiction, you may have certain rights with respect to the personal information we hold about you. These rights may be subject to limitations and exceptions provided by applicable law. To the fullest extent permitted by applicable law, you have the right to:

• Right of access: You have the right to request access to the personal information we hold about you and to obtain a copy of such information in a commonly used, structured, and machine-readable format. Upon receiving and verifying your identity in connection with such a request, we will provide you with a comprehensive summary of the categories and specific pieces of personal information we have collected, the sources from which such information was collected, the purposes for which it was collected and processed, and the categories of third parties with whom it has been shared.
• Right of rectification: You have the right to request that we correct, update, amend, or supplement any personal information that is inaccurate, incomplete, outdated, or misleading. You may update certain account information directly through your account settings page within the Services, or you may submit a rectification request to our support team for information that cannot be modified through self-service options.
• Right of erasure (right to be forgotten): You have the right to request the deletion, removal, or erasure of your account and all associated personal information from our active systems, subject to certain exceptions and limitations. We may retain certain Data beyond the deletion of your account where retention is necessary to comply with legal obligations, resolve disputes, enforce our agreements, or exercise or defend legal claims, as permitted by applicable law.
• Right to data portability: You have the right to request that we export your personal information in a structured, commonly used, and machine-readable format (such as JSON or CSV), and to have such information transmitted directly to another data controller where technically feasible and where required by applicable law.
• Right to object: You have the right to object to certain types of data processing, including processing based on legitimate interests, direct marketing, and profiling. Where you exercise your right to object, we will cease processing your Data for the specified purpose unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
• Right to restrict processing: You have the right to request that we restrict or limit the processing of your personal information under certain circumstances, including where you contest the accuracy of the information, where the processing is unlawful, where we no longer need the information but you require it for legal claims, or where you have objected to processing pending verification of legitimate grounds.
• Right to withdraw consent: Where we rely on your consent as the legal basis for processing your Data, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to such withdrawal.

To exercise any of the rights described above, or to make any inquiry regarding our privacy practices, please contact us at support@notpanel.com. We will acknowledge receipt of your request within a reasonable timeframe and will respond substantively to all verified requests within thirty (30) calendar days, or within such shorter period as may be required by applicable law. In certain circumstances, we may need to extend this response period by an additional sixty (60) days, in which case we will notify you of the extension and the reasons therefor.

The Services are not intended for, directed at, or designed to attract individuals under the age of eighteen (18) years (or the age of legal majority in your jurisdiction, if higher). NotPanel does not knowingly collect, solicit, request, store, process, or otherwise obtain personal information, personally identifiable information, or any other Data from any individual under the age of eighteen (18). We do not knowingly allow individuals under the age of eighteen (18) to create accounts, place orders, or otherwise access or use the Services.

If you are a parent, legal guardian, or other responsible adult and you believe that a minor under the age of eighteen (18) has created an account on the Services, provided personal information to NotPanel, or is otherwise using the Services without your knowledge or consent, please contact us immediately at support@notpanel.com with sufficient detail to allow us to identify the account in question. Upon verification that the account holder is indeed a minor, we will take prompt and reasonable steps to: (a) terminate and permanently delete the minor's account; (b) permanently delete all personal information and Data associated with or collected from the minor; and (c) refund any unused account balance to the extent feasible and in accordance with our Refund Policy. We take the protection of minors' privacy extremely seriously and will act expeditiously upon receiving any such notification.

NotPanel operates globally, and your Data may be transferred to, stored in, and processed in countries or jurisdictions other than your country of residence, including countries that may not provide the same level of data protection as the laws of your home jurisdiction. By accessing or using the Services, you acknowledge and consent to the transfer of your Data to such countries and jurisdictions. These international transfers are necessary for the provision and operation of the Services, including but not limited to: hosting and infrastructure services provided by our data center and cloud service providers; order fulfillment through our global network of third-party service providers; payment processing through international Payment Processors; and analytics and monitoring services.

Where we transfer your Data to countries that have not been deemed to provide an adequate level of data protection by the relevant supervisory authority, we implement appropriate safeguards to ensure that your Data receives a level of protection substantially equivalent to that required by the data protection laws of your jurisdiction. These safeguards may include, without limitation: Standard Contractual Clauses (SCCs) approved by the European Commission or other relevant regulatory authorities; binding corporate rules; data processing agreements incorporating appropriate data protection obligations; certification mechanisms; codes of conduct; and other transfer mechanisms recognized by applicable data protection laws. You may request additional information about the specific safeguards we employ for international data transfers by contacting us at support@notpanel.com.

The Services may contain hyperlinks, references, integrations, or other connections to websites, applications, platforms, products, or services that are owned, operated, or controlled by third parties that are not affiliated with, endorsed by, or under the control of NotPanel (collectively, "Third-Party Services"). These Third-Party Services are provided solely for your convenience and informational purposes. The inclusion of any link to or integration with a Third-Party Service does not imply, suggest, or constitute any endorsement, approval, recommendation, sponsorship, affiliation, or partnership by NotPanel with respect to such Third-Party Service or its owner, operator, content, products, services, or privacy practices.

NotPanel is not responsible for, and assumes no liability with respect to, the privacy practices, data collection and processing activities, security measures, content, accuracy, legality, opinions, terms of service, or any other aspect of any Third-Party Service. Your interactions with Third-Party Services, including the provision of any personal information or Data to such services, are governed solely by the privacy policies and terms of service of those Third-Party Services. We strongly recommend that you carefully review the privacy policy and terms of service of every Third-Party Service before providing any personal information or engaging in any transaction with or through such service.

NotPanel reserves the right to modify, amend, update, revise, supplement, or otherwise change this Privacy Policy at any time, at our sole and absolute discretion, with or without prior notice, to reflect changes in our data practices, business operations, legal requirements, regulatory guidance, industry standards, or for any other reason we deem necessary or appropriate. When we make changes to this Privacy Policy, we will update the "Last Updated" date at the top of this page to reflect the date of the most recent revision.

For changes that we determine, in our sole discretion, to be material or significant -- including but not limited to changes that affect the categories of Data we collect, the purposes for which we process your Data, the third parties with whom we share your Data, or your rights under this Privacy Policy -- we will make reasonable efforts to notify you through one or more of the following methods: (a) a prominent notice published on the Services; (b) an in-platform announcement or notification; (c) an email sent to the email address associated with your account; or (d) any other method we deem appropriate under the circumstances. Your continued access to or use of the Services following the posting of any changes to this Privacy Policy, or following the effective date of any material change for which you received notice, constitutes your acknowledgment, acceptance, and agreement to be bound by the revised Privacy Policy. If you do not agree with the revised Privacy Policy, your sole and exclusive remedy is to discontinue your use of the Services and delete your account.

If you have any questions, concerns, comments, complaints, or requests regarding this Privacy Policy, our data collection and processing practices, your rights under applicable data protection laws, or any other privacy-related matter, please do not hesitate to contact us using any of the following methods. We are committed to addressing all privacy-related inquiries promptly, thoroughly, and in accordance with applicable legal requirements:

• Email: support@notpanel.com
• Support ticket system: notpanel.com/dashboard/support

We endeavor to acknowledge all privacy-related inquiries within forty-eight (48) hours of receipt and to provide a substantive response within thirty (30) calendar days, or within such shorter period as may be required by applicable data protection laws and regulations in your jurisdiction. If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction that provides for the right to lodge complaints with a supervisory authority, you have the right to file a complaint with your local data protection authority if you believe that our processing of your personal information violates applicable data protection laws.