Privacy Policy

Last updated: January 1, 2024

1. Introduction

OAuth Hub ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our OAuth-as-a-Service platform. Please read this privacy policy carefully.

2. Information We Collect

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, password, company name
  • Payment Information: Billing address and payment method details (processed by Stripe)
  • Application Data: OAuth client IDs, redirect URIs, scopes, and application configurations
  • Usage Data: API requests, OAuth flows, token issuance, and authentication events
  • Technical Data: IP addresses, browser type, device information, and log data

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send technical notices, updates, security alerts, and support messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze trends, usage, and activities in connection with our services
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities
  • Personalize and improve the Service and provide content or features that match user profiles

4. Information Sharing and Disclosure

We may share your information in the following situations:

  • With Your Consent: We may share your information with third parties when you give us consent to do so
  • Service Providers: We share information with vendors, consultants, and service providers who need access to perform services for us (e.g., Stripe for payments, AWS for hosting)
  • Compliance with Laws: We may disclose your information if required by law or in response to valid requests by public authorities
  • Business Transfers: Information may be transferred if we are involved in a merger, acquisition, or sale of assets
  • With End Users: When you use our OAuth service, certain information (like public profile data) may be shared with applications that users authorize

5. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Deleted data is removed from our active databases within 30 days but may persist in backups for up to 90 days.

6. Data Security

We implement appropriate technical and organizational security measures to protect your information:

  • Encryption of data in transit (TLS/SSL) and at rest (AES-256)
  • Regular security audits and penetration testing
  • Access controls and authentication mechanisms
  • Secure backup and disaster recovery procedures
  • Employee training on data protection and privacy

7. Your Data Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing of your personal data
  • Restriction: Request restriction of processing of your data

To exercise these rights, please contact us at [email protected]

8. Cookies and Tracking

We use cookies and similar tracking technologies to track activity on our Service:

  • Essential Cookies: Required for the Service to function properly
  • Analytics Cookies: Help us understand how the Service is used
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings, but disabling cookies may affect Service functionality.

9. International Data Transfers

Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ. We ensure appropriate safeguards are in place for such transfers in accordance with applicable law.

10. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

11. GDPR Compliance

If you are a resident of the European Economic Area (EEA), you have certain data protection rights under GDPR. We act as both a data controller and data processor depending on how you use our Service. We have implemented appropriate technical and organizational measures to ensure GDPR compliance.

12. CCPA Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, use, and share, and the right to delete your personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

14. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at:

Email: [email protected]
Address: 123 OAuth Street, San Francisco, CA 94102
Data Protection Officer: [email protected]