We collect only the data required to operate authentication and oauth authorization.
This may include: handle, first name, last name, session data, oauth app metadata, token records, and security logs.
Passwords are stored only as salted hashes. Plaintext passwords are never stored.
We may log ip addresses, request metadata, failed login attempts, and abuse signals for security and rate limiting.
Data is used only to run the service, protect the service, and provide explicit oauth consented access.
Data is not sold. Data is not shared except where needed to provide oauth authorization or where required by law.
You may request deletion of your account and associated data, subject to legal or security retention requirements.