Skip to main content

Legal

Privacy Policy

Last updated: May 13, 2026

Self-hosted first: When you run AuthDeep on your own infrastructure, your user data stays on your servers. AuthDeep does not collect, process, or have access to data in self-hosted deployments.

1. Overview

AuthDeep is a self-hosted identity and API security platform. This Privacy Policy explains how AuthDeep collects, uses, and protects information when you visit our website or use our software. Because AuthDeep is self-hosted, your application data stays on your own infrastructure — we do not receive it.

2. Information We Collect

Website visitors: We collect standard web server logs (IP address, browser type, pages visited, referrer) for security and uptime monitoring. We do not add third-party analytics to the landing page by default.

Contact form submissions: When you use our support form, we collect the information you provide (name, email, message) to respond to your inquiry.

Self-hosted platform: When you deploy AuthDeep on your own infrastructure, user data (accounts, sessions, audit logs) is stored in your own PostgreSQL and Redis instances. We do not have access to this data.

3. How We Use Information

We use collected information to: respond to support requests; monitor website security and detect malicious activity; improve the platform based on aggregated non-identifying usage signals; and comply with legal obligations. We do not sell, rent, or share personal information with third parties for marketing purposes.

4. Cookies and Tracking

Landing page: We use only essential infrastructure cookies. No third-party analytics or advertising cookies are set by default.

Authenticated platform: Authentication sessions use secure HttpOnly cookies that are not readable by JavaScript. Additional request-protection cookies may be used to help defend authenticated actions.

5. Data Security

We apply industry-standard security measures, including encrypted transport, browser session hardening, safe database access patterns, audit history, and edge security headers.

6. Data Retention

Website logs: Retained for up to 90 days for security analysis.

Contact form data: Retained until your inquiry is resolved.

Self-hosted platform: Retention is controlled entirely by you as the operator.

7. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or export your personal data. Contact us using the details in Section 10. For users of a self-hosted deployment, data rights requests should be directed to the operator of that deployment.

8. Third-Party Services

Our landing page is served via Cloudflare Workers. Cloudflare processes request metadata per their privacy policy (cloudflare.com/privacypolicy). We do not use third-party advertising networks, social media pixels, or analytics SDKs on the landing page.

9. Children Privacy

AuthDeep is not directed to individuals under 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately.

10. Contact

For privacy-related questions or data requests, contact us via the support page. We aim to respond to all requests within 30 days.

Contact us Cookie Policy Terms of Service