Privacy Policy

Our Commitment to Your Privacy

At Authfu, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your information when you use our passwordless authentication service.

Information We Collect

Information You Provide

• Email addresses used for authentication
• Profile information you choose to provide
• Two-factor authentication preferences

Information We Automatically Collect

• Login timestamps and session information
• IP addresses for security purposes
• Device and browser information
• Usage patterns to improve our service

How We Use Your Information

• Authentication Services

  To provide passwordless login and multi-factor authentication

• Security

  To detect and prevent fraudulent activities and security breaches

• Service Improvement

  To analyze usage patterns and improve our authentication platform

• Communication

  To send you service-related notifications and security alerts

Email Communications

We send transactional emails including:

• Magic link authentication emails
• Security notifications and alerts
• Account activity summaries
• Service updates and maintenance notifications

Unsubscribe Options

You can manage your email preferences at any time:

• Account Settings

  Log into your account and adjust notification preferences

• Unsubscribe Links

  Click the unsubscribe link in any non-essential email we send

• Contact Us

  Email us directly to update your communication preferences

Note: You cannot unsubscribe from essential security and authentication emails required for the service to function.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information in the following limited circumstances:

• Service Providers

  With trusted third-party providers who help us operate our service (email delivery, hosting, security)

• Legal Requirements

  When required by law, court order, or legal process

• Security Threats

  To investigate security incidents or protect our users and service

Data Security

We implement industry-standard security measures to protect your information:

• Encryption in transit and at rest
• Regular security audits and monitoring
• Limited access controls for our team members
• Secure data centers and infrastructure

Your Rights

You have the right to:

• Access your personal information we store
• Correct inaccurate or incomplete information
• Delete your account and associated data
• Export your data in a portable format
• Object to certain types of data processing

Data Retention

We retain your information only as long as necessary to provide our services and comply with legal obligations:

• Active Accounts

  Profile and authentication data retained while your account is active

• Session Logs

  Login and security logs retained for 90 days for security purposes

• Deleted Accounts

  Most data deleted within 30 days, some security logs retained for up to 1 year

International Users

Our services are hosted in the United States. If you are accessing our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.