Privacy Policy

Last updated: May 27, 2026

1. What We Collect

When you use APGB Auth, we collect only what is necessary to operate the service:

• Account data: username, email address (optional), and a hashed password — we never store your plaintext password.
• Optional profile data: first name, last name, birthday, and gender — only if you choose to provide them.
• Session data: a session token, the IP address and browser user-agent associated with each login.
• OAuth tokens: access and refresh tokens for any third-party services (e.g. Google) you choose to connect.

2. How We Use It

• To authenticate you and keep your session secure.
• To enable connected integrations you explicitly authorize.
• To detect and prevent unauthorized access to your account.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Data Retention

• Session tokens inactive for more than 30 days are automatically deleted.
• You can revoke individual sessions from your account page at any time.
• OAuth connections are removed when you disconnect them from your account.
• Account data is retained until you request deletion.

4. Third-Party Services

If you connect a Google account, your OAuth tokens are stored on our servers and used only to fulfill requests you initiate. Google's own Privacy Policy governs how Google handles your data on their side.

5. Security

Passwords are hashed before storage. Sessions use signed JWTs verified against a database record, so individual sessions can be revoked without invalidating others. We recommend using a strong, unique password.

6. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by contacting us. We will respond within a reasonable timeframe.

7. Changes

We may update this policy as the service evolves. The "last updated" date above will always reflect the current version.

8. Contact

Questions or data requests: [email protected].