Privacy
Policy

The entity responsible for processing your personal data under the General Data Protection Regulation (GDPR) is:

We process the following personal data:

• Account data: Name, email address, password (encrypted)
• Technical data: IP address, browser type, device info, timestamps
• Usage data: Login events, OAuth authorizations, API accesses
• Company data (company accounts): Company name, contact person

We process your data exclusively for the following purposes:

• Provision of the identity and authentication service
• Management of your user account
• Execution of OAuth 2.0 / OIDC authorization flows
• Security monitoring and fraud prevention (Audit Logs)
• Fulfillment of legal obligations

Processing is based on Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interests). Where consent is required, processing is based on Art. 6(1)(a) GDPR.

Your data is stored only as long as necessary. After account deletion, personal data is removed within 30 days, unless legal retention obligations apply.

Personal data is only shared where necessary for contract performance, you have consented, or a legal obligation exists. Third-party OAuth apps only receive data you agreed to during the authorization flow.

You have the right to:

• Access your stored data (Art. 15 GDPR)
• Correct inaccurate data (Art. 16 GDPR)
• Delete your data (Art. 17 GDPR)
• Restrict processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Object to processing (Art. 21 GDPR)

To exercise your rights, contact: privacy@auth.games

AUTH.GAMES uses only technically necessary cookies and local browser storage for sessions and preferences. No tracking or marketing cookies are used.

You have the right to lodge a complaint with a data protection supervisory authority.

We reserve the right to update this privacy policy. The current version is always available at /privacy. You will be notified of significant changes by email.