Trout Logo

Privacy Policy

Last updated: July 26, 2025

At Tarout Auth, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our authentication-as-a-service platform.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, company name, and password when you register
  • Project Information: Project names, configurations, and settings you create
  • Payment Information: Billing details, credit card information (processed securely through our payment providers)
  • Support Information: Any information you provide when contacting our support team

1.2 Information We Collect Automatically

  • Usage Data: API calls, authentication requests, feature usage, and performance metrics
  • Device Information: IP address, browser type, operating system, and device identifiers
  • Log Data: Server logs, error reports, and debugging information
  • Cookies: Session cookies and authentication tokens for service functionality

1.3 Information from Your End Users

When you use Tarout Auth to authenticate your end users, we process:

  • Email addresses and usernames
  • Authentication tokens and session data
  • IP addresses and device information for security
  • Any additional data you choose to store with user profiles

2. How We Use Your Information

We use collected information to:

  • Provide and maintain our authentication services
  • Process your transactions and manage subscriptions
  • Send service updates, security alerts, and technical notices
  • Respond to support requests and provide customer service
  • Monitor and analyze usage patterns to improve our services
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our terms of service
  • Develop new features and enhance existing functionality

3. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in these circumstances:

3.1 Service Providers

We work with trusted third-party services:

  • Cloud infrastructure providers (AWS, Google Cloud)
  • Payment processors (Stripe, PayPal)
  • Analytics services (for aggregated, non-personal data)
  • Communication tools (for support and updates)

3.2 Legal Requirements

We may disclose information if required by law, court order, or government request, or if necessary to protect our rights, users, or the public.

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before any such transfer.

4. Data Security

We implement robust security measures:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Regular security audits and penetration testing
  • Access controls and employee security training
  • Secure password hashing (Argon2)
  • Multi-factor authentication options
  • Regular backups and disaster recovery procedures
  • Compliance with industry security standards

5. Data Retention

We retain your data based on these principles:

  • Active account data: Retained as long as your account is active
  • Closed account data: Retained for 90 days then securely deleted
  • Legal compliance data: Retained as required by applicable laws
  • Backup data: Retained according to our backup rotation policy
  • End user data: Retained according to your project settings

6. Your Rights and Choices

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain data processing activities

To exercise these rights, contact us at [email protected]

7. International Data Transfers

Your information may be processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard contractual clauses approved by regulatory authorities
  • Data processing agreements with all service providers
  • Compliance with applicable data protection laws

8. Children's Privacy

Tarout Auth is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

9. Cookies and Tracking

We use cookies and similar technologies for:

  • Authentication and session management
  • Security features and fraud prevention
  • Performance monitoring and analytics
  • Remembering your preferences

You can control cookies through your browser settings, but disabling them may affect service functionality.

10. GDPR Compliance

For users in the European Economic Area, we comply with GDPR requirements:

  • Lawful basis for processing (contract performance, legitimate interests)
  • Data Protection Officer contact: [email protected]
  • Right to lodge complaints with supervisory authorities
  • Data protection impact assessments where required

11. California Privacy Rights

California residents have additional rights under CCPA:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of data sales (we do not sell data)
  • Right to non-discrimination for exercising privacy rights

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new policy on this page
  • Updating the "Last updated" date
  • Sending email notification for significant changes

13. Contact Us

For privacy-related questions or concerns:

Or write to us at:
Tarout Auth
Privacy Department
[Your Company Address]