Privacy Policy

1. Overview

Authon ("Company", "we", "us") helps developers and businesses build secure authentication services. This Privacy Policy explains how we collect, use, and store personal information when you use the Authon service (authon.dev).

2. Information We Collect

We collect the following information to provide our services:

• Account Information: Email address, name, profile picture (provided via social login)
• Authentication Data: OAuth access tokens, refresh tokens, session identifiers
• Usage Information: Login history, IP address, browser information, access timestamps
• Application Information: Registered app names, domains, API keys (hashed)
• Payment Information: Subscription plan, billing history (card details are stored by our third-party payment processor)

3. How We Use Your Information

We use the collected information for the following purposes:

• Providing authentication services and managing accounts
• Maintaining service security and preventing fraudulent use
• Improving services and developing new features
• Customer support and responding to inquiries
• Sending service-related notices and updates
• Fulfilling legal obligations and resolving disputes

4. Third-Party Sharing

We do not share your personal information with third parties except in the following cases:

• When you have given prior consent
• When required by law or by lawful requests from law enforcement agencies
• When sharing the minimum necessary information with service providers (infrastructure, payment, email delivery)

Key service providers we use: AWS (infrastructure), Stripe (payment processing), SendGrid (email delivery)

5. Data Retention

Personal information is retained according to the following criteria:

• Account Information: Duration of service use and 30 days after account deletion
• Login History: 90 days
• Payment Records: 5 years as required by applicable law
• API Logs: 30 days

Information is promptly destroyed when the retention period expires or the purpose is achieved.

6. Your Rights

You have the following rights regarding your personal information:

• Right to access your personal information
• Right to correct or delete your personal information
• Right to restrict processing of your personal information
• Right to data portability (provided in machine-readable format)
• Right to opt out of marketing communications

You can exercise these rights through the dashboard settings or by contacting us at the address below.

7. Cookies and Tracking Technologies

We use cookies and local storage to provide and improve our services. Cookies essential for maintaining authentication sessions are always used while you use the service. Analytical cookies can be declined by users. You can disable cookies through your browser settings, but some service features may be limited.

8. Security

We apply technical and administrative safeguards including encryption (TLS, AES-256), access controls, and regular security audits to protect your personal information. However, no method of transmission over the Internet or electronic storage is 100% secure. Please contact us immediately if you discover any security vulnerabilities.

9. Children's Privacy

Our services are not directed to children under the age of 13. If we become aware that personal information of a child under 13 has been collected, we will take immediate steps to delete it.

10. Changes to This Policy

This policy may be updated due to service changes or legal amendments. We will provide advance notice of significant changes through in-service announcements or email. Updated policies take effect 7 days after the announcement.

11. Contact Us

For privacy-related inquiries, please contact us at: