1 Introduction
Welcome to OneTimeLogin ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our single sign-on authentication platform and related services.
By accessing or using OneTimeLogin, you agree to the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.
This policy applies to all users of OneTimeLogin, including website owners who integrate our SSO service and end-users who authenticate through our platform.
2 Information We Collect
2.1 Personal Information You Provide
When you register or use our services, we may collect:
- Account Information: Name, email address, phone number, and password
- Profile Information: Profile picture, display name, and preferences
- Payment Information: Billing address and payment method details (processed by secure third-party providers)
- Communications: Messages, support requests, and feedback you send us
- Biometric Data: Fingerprint or facial recognition data (if you enable biometric authentication)
2.2 Information Collected Automatically
When you access our services, we automatically collect:
- Device Information: Device type, operating system, browser type, and unique device identifiers
- Log Data: IP address, access times, pages viewed, and referring URLs
- Location Data: General geographic location based on IP address
- Usage Data: Features used, authentication events, and interaction patterns
2.3 Information from Third Parties
We may receive information from:
- Social Login Providers: If you choose to sign in with Google, Apple, or other providers
- Partner Websites: Basic authentication status and permissions you've granted
- Public Databases: For fraud prevention and identity verification
3 How We Use Your Information
We use the information we collect for the following purposes:
Service Provision
To provide, maintain, and improve our authentication services
Security
To detect, prevent, and respond to fraud and security threats
Communications
To send you updates, security alerts, and support messages
Analytics
To understand usage patterns and improve user experience
4 Data Sharing & Disclosure
We may share your information in the following circumstances:
With Partner Websites
When you authenticate to a partner site, we share only the information necessary to complete the login (e.g., your verified email and display name).
With Service Providers
We use trusted third parties for hosting, analytics, payment processing, and customer support, all bound by strict confidentiality agreements.
For Legal Compliance
We may disclose information when required by law, court order, or to protect our rights, safety, or property.
Business Transfers
In connection with a merger, acquisition, or sale of assets, your information may be transferred as a business asset.
We never sell your personal information. Your data is not used for advertising purposes or shared with data brokers.
5 Data Security
We implement industry-standard security measures to protect your information:
AES-256 Encryption
All data encrypted at rest
TLS 1.3
Secure data in transit
MFA Support
Multi-factor authentication
WAF Protection
Web application firewall
SOC 2 Type II
Certified compliance
Regular Audits
Penetration testing
6 Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy:
- Account Data: Retained while your account is active, plus 30 days after deletion request
- Authentication Logs: Retained for 90 days for security purposes
- Payment Records: Retained for 7 years as required by financial regulations
- Support Communications: Retained for 2 years after resolution
7 Your Privacy Rights
Depending on your location, you may have the following rights:
Right to Access
Request a copy of the personal data we hold about you
Right to Rectification
Correct inaccurate or incomplete personal data
Right to Erasure
Request deletion of your personal data ("right to be forgotten")
Right to Data Portability
Receive your data in a machine-readable format
Right to Object
Object to processing of your data for certain purposes
To exercise your rights: Contact us at privacy@onetimelogin.com or visit your Account Settings. We will respond within 30 days.
9 International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with all third-party processors
- Compliance with the EU-US Data Privacy Framework
- Adherence to GDPR requirements for EU residents
10 Children's Privacy
OneTimeLogin is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
If we discover that we have collected information from a child under 13, we will delete that information immediately.
11 Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date at the top
- Sending you an email notification for significant changes
- Displaying a prominent notice within our services
12 Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us:
Privacy Team
+1 (555) 123-4567
OneTimeLogin Inc.
123 Tech Street
San Francisco, CA 94105
United States
Data Protection Officer
For GDPR-related inquiries from EU residents