Privacy Policy

Last updated: May 31, 2026

AuthCog provides authentication and identity handoff services for websites and applications. This policy explains what information we process and how we use it.

Information we process

• Account information such as email address, display name and avatar.
• OAuth provider information needed to verify sign-in, such as provider name and profile basics.
• Session, callback and audit data needed to operate login flows and prevent abuse.
• Technical data such as IP address, user agent, request path and timestamps.

How we use information

• To authenticate users and return verified identity to relying sites.
• To maintain user sessions, consent records and revocation controls.
• To secure the service, debug issues and prevent fraud or abuse.
• To communicate operational messages, such as one-time email login links.

What we share

When a user signs in for a relying site, AuthCog may share only the released identity basics needed by that site: email, name, avatar and provider. We do not share OAuth access tokens with relying sites.

Data retention

Single-use callback hashes are short-lived. Account, grant and session records are kept while needed to operate the service, provide revocation controls, comply with legal obligations and protect the service.

User choices

Users can sign out, revoke relying-site access where available, and request deletion or correction of account data by contacting us.

Security

We use technical and organizational safeguards appropriate for an authentication service, including signed callback tokens, short-lived callback hashes and provider-based login. No internet service can be guaranteed perfectly secure.

Contact

For privacy requests or questions, contact: rejotl@gmail.com