Privacy Policy

1. Introduction

AuthFlow Inc. ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our authentication platform-as-a-service ("Service").

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not use our Service.

2. Information We Collect

Personal Information

We collect information you provide directly to us, including:

• Name and email address when you create an account
• PCI-compliance info for billing purposes
• Profile information you choose to provide
• Communications you send to us
• Feedback and survey responses

Usage Information

We automatically collect certain information about your use of our Service:

• Log data including IP addresses, browser type, and operating system
• Authentication events and session information
• API usage patterns and performance metrics
• Device information and unique identifiers
• Cookies and similar tracking technologies

End User Data

When you use our Service to authenticate users of your applications, we process personal information of your end users on your behalf. This may include usernames, email addresses, and authentication credentials. You are responsible for obtaining appropriate consent from your end users.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Service
• Process transactions and send billing information
• Send technical notices and security alerts
• Respond to your comments and questions
• Analyze usage patterns to enhance user experience
• Detect and prevent fraud and abuse
• Comply with legal obligations
• Enforce our Terms of Service

We will not use your personal information for purposes other than those described in this Privacy Policy without your explicit consent.

4. Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

Service Providers

We may share your information with trusted third-party service providers who assist us in operating our Service, such as cloud hosting, payment processing, and analytics providers. These providers are bound by confidentiality agreements and may only use your information to provide services to us.

Legal Requirements

We may disclose your information if required by law or in response to valid legal requests, such as subpoenas, court orders, or government investigations.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control of your personal information.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection practices
• Incident response and breach notification procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy. Specifically:

• Account information is retained while your account is active
• Usage logs are typically retained for 12 months
• Billing information is retained for 7 years for tax purposes
• End user authentication data is retained according to your configuration

When you delete your account, we will delete your personal information within 30 days, except where retention is required by law or for legitimate business purposes.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Portability: Request transfer of your data to another service
• Restriction: Request limitation of processing of your information
• Objection: Object to processing based on legitimate interests

To exercise these rights, please contact us at privacy@authflow.net. We will respond to your request within 30 days.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience with our Service. These technologies help us:

• Remember your preferences and settings
• Analyze usage patterns and improve our Service
• Provide security features and prevent fraud
• Deliver relevant content and advertisements

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our Service.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your country.

When we transfer your information internationally, we implement appropriate safeguards such as standard contractual clauses or adequacy decisions to ensure your information receives adequate protection.

10. Children's Privacy

Our Service is not intended for children. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

If we discover that we have collected personal information from a child, we will delete such information immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by:

• Sending an email to the address associated with your account
• Posting a notice on our website
• Providing an in-app notification

Your continued use of our Service after the effective date of the updated Privacy Policy constitutes acceptance of the changes.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: