Privacy Policy

When you use Auth Plugin, we collect information necessary to provide the service: • Account Information: Email address, name, and password when you sign up. • Identity Data: Information about users who authenticate through your Auth Plugin-powered sites, including email addresses, names, and authentication method used. • Usage Data: Plugin usage patterns, feature usage, and error logs to improve the service. • Payment Information: When you subscribe to Pro or Scale plans, payment is processed through Stripe. We do not store your full credit card details.

We use collected information to: • Provide, maintain, and improve the Auth Plugin service. • Process authentication requests for your website visitors. • Send transactional emails (welcome, password reset, OTP, verification). • Monitor and prevent fraudulent activity and abuse. • Communicate service updates, security alerts, and support messages. • Generate anonymized analytics to improve the product.

• All data is encrypted at rest using AES-256 encryption. • Data in transit is protected with TLS 1.3. • Passwords are hashed using bcrypt with salt rounds. • Authentication tokens are auto-refreshed and have configurable expiration. • We follow OWASP best practices for web application security. • Our infrastructure is hosted on secure, SOC 2 compliant providers.

We do not sell your personal information. We share data only in these cases: • Service Providers: With trusted partners who help us operate the service (hosting, email delivery, payment processing). • Stripe & Lemon Squeezy: When you enable payment integrations, payment data is shared with your connected payment providers. • Legal Requirements: When required by law, regulation, or legal process. • With Your Consent: When you explicitly authorize sharing.

You have the right to: • Access: Request a copy of your personal data. • Correction: Update or correct inaccurate data. • Deletion: Request deletion of your account and associated data. • Export: Export your identity data in standard formats. • Opt-out: Unsubscribe from non-essential communications. To exercise these rights, contact us at support@authplugin.io.

Auth Plugin uses essential cookies for authentication sessions. We use: • Session Cookies: To maintain login state for authenticated users. • Security Cookies: For CSRF protection and secure token management. • No Advertising Cookies: We do not use cookies for advertising or behavioral tracking.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.