Privacy Policy

1. Introduction

Little Omega ("we", "us", or "our") operates the LoginWith service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Company Information

3. Information We Collect

We collect the following types of information:

• Email address: Provided during authentication through your identity provider
• IP address: Collected automatically for security and fraud prevention
• Device information: Browser type, operating system, and device identifiers
• Usage data: How you interact with our service, including login timestamps and frequency

4. Cookies

We use cookies strictly for authentication purposes only. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

Our authentication cookies are essential for the service to function and cannot be disabled while using LoginWith.

5. How We Use Your Information

We use the collected information to:

• Provide and maintain our authentication service
• Verify your identity and prevent fraud
• Communicate with you about service updates
• Comply with legal obligations
• Improve our service and user experience

6. Data Storage and Security

Location: All data is stored in Europe, ensuring compliance with EU data protection regulations.

Encryption: We use AES-256 encryption for data at rest (provided by MongoDB Atlas) and TLS encryption for data in transit. Passwords are hashed using Argon2.

Subprocessors: We work with the following data subprocessors:

• Scaleway (French IaaS provider) - Infrastructure hosting
• MongoDB Atlas (EU region) - Database storage

7. Data Retention

We retain your personal data for as long as your account is active. After account deletion, we retain your data for 1 year to comply with legal obligations and resolve disputes. After this period, your data is permanently deleted.

8. Data Sharing

We do not sell your personal data. We only share your information in the following circumstances:

• With your consent or at your direction
• With our service providers (subprocessors) who assist in operating our service
• When required by law or to respond to legal process
• To protect our rights, privacy, safety, or property

9. Your Rights

Under GDPR and CCPA, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Portability: Request your data in a portable format
• Right to Object: Object to certain processing of your data
• Right to Withdraw Consent: Withdraw consent at any time

To exercise any of these rights, please contact us at privacy@loginwith.app.

10. Age Requirements

Our service is not intended for users under the minimum age required by applicable law (the most restrictive of EU regulations and the user's country of origin). We do not knowingly collect personal information from children under these age requirements.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.