Privacy Policy

Last updated: January 2025

                    Summary: We only handle your Google tokens to deliver them to your application. We do not store, sell, or misuse your data.
                

1. Information We Collect

When you authenticate through Open Auth Bridge, we temporarily handle:

OAuth tokens — access token, refresh token, and expiry time
Email address — to confirm successful authentication and display it to you
State parameter — provided by your application to route tokens to the correct destination

2. How We Use Your Information

Data is used exclusively to complete the OAuth flow, deliver tokens to the initiating application, and refresh expired tokens on request. We do not use your data for analytics, advertising, or profiling.

3. Data Storage & Retention

Tokens are held in-memory only during callback processing and delivery. We do not write tokens to any persistent database or log files. Once delivered, tokens are no longer retained.

4. Data Sharing

We do not sell, trade, or share your information with any third parties except the application that initiated the auth request (via webhook or manual display) and Google as required to complete the OAuth flow.

5. Google API Services

Open Auth Bridge's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

6. Revoking Access

You can revoke access at any time at myaccount.google.com/permissions.

7. Security

All communication is encrypted via HTTPS. We follow OAuth 2.0 best practices including state parameter validation and short-lived token handling.

8. Changes to This Policy

We may update this policy periodically. Continued use constitutes acceptance.

9. Contact

For privacy questions, contact the service administrator at arshman.me.