AutherAuther← Back

Legal

Privacy Policy

Last updated: March 2026

1. Overview

Auther ("we", "our", "us") is an authentication infrastructure service operated by Ziloris. This Privacy Policy explains how we collect, use, and protect information when you use our services, including our dashboard, SDKs, and APIs.

2. Information We Collect

We collect the following categories of information:

  • Account data — email address, hashed password, and account creation timestamps for dashboard users.
  • End-user data — email addresses and authentication records of users who sign in through your application using Auther.
  • Session data — IP addresses, user agent strings, and token metadata for active sessions.
  • Usage data — API call logs, webhook delivery records, and audit events.

3. How We Use Your Information

  • To provide, operate, and maintain the Auther authentication service.
  • To verify identities and manage secure sessions on behalf of your application.
  • To detect and prevent abuse, fraud, and unauthorized access.
  • To send service-critical communications (security alerts, outage notices).

4. Data Storage & Security

All data is stored on servers within the EU/EEA. Access tokens are stored as HTTP-only cookies and are never accessible to JavaScript. Passwords are hashed using bcrypt. Refresh tokens are stored as opaque values in Redis with automatic expiry.

5. Data Sharing

We do not sell your data. We do not share personal information with third parties except where required by law or to provide core service functionality (e.g. OAuth provider communication for social login).

6. Data Retention

Audit logs are retained for 90 days. Session records are purged upon expiry. Account data is retained for the lifetime of the account and deleted within 30 days of account closure upon request.

7. Your Rights

You have the right to access, correct, or delete your personal data at any time. To exercise these rights, contact us at privacy@ziloris.com.

8. Cookies

Auther sets a single HTTP-only cookie (auther_access) scoped to your domain to maintain authentication state. No tracking or advertising cookies are used.

9. Changes to This Policy

We may update this policy periodically. Significant changes will be communicated via email to registered account holders. Continued use of the service after changes constitutes acceptance.

10. Contact

Questions about this policy? Reach us at privacy@ziloris.com or through the Ziloris website at ziloris.com.

© 2026 Ziloris · Auther

Terms of Service →