Privacy
Privacy controls aligned with identity operations.
We process only the data required to provide authentication, policy, and operational reliability.
Data categories
What we process
Categories are limited to identity operations, security controls, and service reliability.
- Account identifiers (email, user IDs)
- Tenant/workspace metadata
- Auth events and security signals
- Billing and plan metadata
- Support communications (if submitted)
Retention windows
Retention windows
We retain operational logs for defined windows to support security investigations and reliability. Some records may be retained longer when required by law, fraud prevention, or billing.
| Category | Retention | Notes |
|---|---|---|
| Operational logs | Defined windows based on plan and operational need | Used for security investigations and reliability analysis. |
| Security and fraud records | May be retained longer when required | Extended retention can apply for fraud prevention and legal compliance. |
| Billing records | Retained per financial/legal obligations | Retention follows invoicing, tax, and contractual obligations. |
Subprocessors + DSAR
Subprocessors and request flow
We use vetted subprocessors for infrastructure and messaging. Each is contractually limited to approved service purposes.
Subprocessor approach
We review subprocessors for security, reliability, and contractual controls before onboarding.
DSAR flow
Submit a deletion or access request through the Data Deletion flow. We issue a request ID and follow up for verification.