At LittleAuth, we take your privacy seriously. This Privacy Policy explains how we collect, use, protect, and disclose your personal information when you use our service.

1. Information We Collect

We collect information that you provide directly to us when you use our service, including:

• Basic profile information from OAuth providers (name, email address, profile picture)
• Authentication tokens for connected services
• Calendar connection information when you connect calendar services
• Usage data such as IP addresses, browser type, pages visited, and time spent on our service
• Device information including device type, operating system, and unique device identifiers

2. OAuth Provider Information

Depending on which OAuth providers you use to authenticate with our service, we may collect different types of information:

• Google OAuth: When you authenticate with Google, we receive your name, email address, profile picture, and authentication tokens. We do not receive your Google password.
• Microsoft OAuth: Authentication through Microsoft provides us with your name, email address, and Microsoft account identifier. We do not receive your Microsoft password.
• Apple OAuth: Using Sign in with Apple may provide us with your name and email address, depending on the information you choose to share. Apple's privacy-focused approach may provide us with a unique identifier rather than your actual email address.
• Calendly OAuth: Authentication with Calendly provides us with your Calendly user information, including name, email, and authentication tokens to interact with your Calendly account.

For each provider, we only request the minimum permissions necessary to provide our service. You can review the specific permissions requested during the authentication process.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Authenticate you with third-party providers
• Connect to calendar services on your behalf
• Process and complete transactions
• Send you technical notices, updates, security alerts, and support messages
• Respond to your comments, questions, and customer service requests
• Monitor and analyze trends, usage, and activities in connection with our service
• Detect, investigate, and prevent fraudulent transactions and other illegal activities
• Comply with legal obligations

4. Data Security and Protection

We implement robust security measures to protect your personal information and authentication tokens:

• Encryption: All data transmitted between your browser and our servers is encrypted using industry-standard TLS/SSL protocols. Authentication tokens and sensitive information are encrypted at rest using strong encryption algorithms.
• Secure Storage: We store your data in secure database systems with strict access controls. Authentication tokens are stored securely and are only used to provide the services you have explicitly requested.
• Access Controls: Access to personal information is restricted to authorized personnel only, based on the principle of least privilege. Our employees undergo privacy and security training.
• Regular Audits: We conduct regular security audits and vulnerability assessments to identify and address potential security issues.
• Monitoring: We maintain logging and monitoring systems to detect and respond to suspicious activities.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

5. OAuth Token Security

Authentication tokens obtained through OAuth providers are particularly sensitive. We take the following measures to protect these tokens:

• Tokens are encrypted before being stored in our database
• We implement token rotation and refresh procedures according to best practices
• Access to tokens is strictly limited to the specific functions that require them
• Expired tokens are securely deleted
• We never share your tokens with third parties unless explicitly authorized by you

6. Third-Party Services

Our service integrates with third-party services such as Google, Microsoft, Apple, and Calendly. Your use of these services is subject to their respective privacy policies, which we encourage you to review:

• Google Privacy Policy
• Microsoft Privacy Statement
• Apple Privacy Policy
• Calendly Privacy Policy

We do not control these third-party services and are not responsible for their privacy practices. We recommend reviewing their privacy policies before using their services through our platform.

7. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. If you delete your account, we will delete or anonymize your personal information, unless:

• We are required to retain it to comply with applicable laws
• We need to retain it to resolve disputes
• We need to retain it to enforce our agreements
• Retention is necessary for our legitimate business purposes, such as fraud prevention and enhancing safety

Authentication tokens are retained only as long as they are valid and necessary to provide the services you have requested. Expired tokens are securely deleted.

8. Your Rights

Depending on your location, you may have certain rights regarding your personal information, including:

• Access: You can request a copy of the personal information we hold about you.
• Correction: You can request that we correct inaccurate or incomplete information about you.
• Deletion: You can request that we delete your personal information in certain circumstances.
• Restriction: You can request that we restrict the processing of your information in certain circumstances.
• Data Portability: You can request a copy of your data in a structured, commonly used, and machine-readable format.
• Objection: You can object to our processing of your personal information in certain circumstances.
• Withdrawal of Consent: You can withdraw your consent at any time where we rely on consent to process your personal information.

To exercise these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within a reasonable timeframe and in accordance with applicable laws.

9. Children's Privacy

Our service is not directed to children under the age of 13 (or the minimum age required in your country). We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us so that we can delete such information.

10. International Data Transfers

Your information may be transferred to, and processed in, countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country. We implement appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will provide more prominent notice or obtain your consent as required by law.

We encourage you to review this Privacy Policy periodically to stay informed about our information practices.

12. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Email: privacy@littleauth.com

Last updated: March 13, 2025