Privacy Policy
This policy covers OAuth data, token handling, account metadata, logs, support communication, retention, deletion, and security practices.
OAuth authorization codes, access tokens, refresh tokens, scopes, expiry metadata, and account identifiers required to connect an account.
Support messages that you send by email or through future contact channels.
Operational logs that help us diagnose platform issues, security events, and callback failures.
To complete OAuth flows, maintain connected account status, and show non-sensitive status information on review dashboards.
To respond to support requests and operate the service safely.
To fulfill data deletion requests and preserve compliance records where required by law.
Tokens and account metadata are stored server-side only, using Cloudflare storage bindings and Worker secrets for encryption-related material.
Ephemeral OAuth state is retained only long enough to complete the flow.
Connected account records are retained while the account is active or until deletion is requested.
State validation, scoped access, and server-side token handling are used to reduce risk.
Secrets are not committed to the repository and are never exposed to the browser.
We do not intentionally log access tokens or refresh tokens.
This policy is a template for the live product and should be reviewed by counsel before launch.