Legal
Privacy Policy
How Own Auth Delivery handles data for managed auth email delivery.
Last updated: July 9, 2026
Overview
Own Auth Delivery sends authentication email for apps using Own Auth. This policy explains what data the delivery service handles when you use the dashboard or send auth emails through the service.
The Own Auth package runs in your app. Your app's user database, sessions, organisations, and auth tokens are not managed by this delivery service.
Data We Collect
We collect the data needed to run the service:
- dashboard account email address
- app names and app settings
- allowed app URLs
- hashed delivery keys and safe key prefixes
- recipient email address for each delivery request
- email type, delivery status, timestamp, and safe error message
- basic technical data needed for security, rate limits, and abuse prevention
Data We Do Not Store
App delivery email logs are designed to be safe to inspect. They should not contain auth secrets.
- raw delivery keys
- passwords
- raw auth tokens
- magic-link URLs
- password-reset URLs
- email-verification URLs
How We Use Data
We use service data to:
- authenticate delivery requests
- send requested auth emails
- enforce app URL rules
- rate-limit abusive or accidental spikes
- show safe app delivery email logs in the dashboard
- debug email send failures
- protect the service and its users
Cookies And Analytics
The dashboard uses secure cookies to keep dashboard users signed in. These cookies are used for authentication and account security.
The public site may use privacy-conscious analytics to understand page usage. Analytics events must not include auth URLs, tokens, delivery keys, passwords, or email contents.
Service Providers
We may use infrastructure providers for hosting, databases, queues, analytics, and outbound email delivery. These providers process data only as needed to run Own Auth Delivery.
Retention
We keep dashboard account records, app settings, delivery key metadata, rate-limit records, and app delivery email logs for as long as needed to provide the service, investigate abuse, satisfy operational needs, or comply with legal obligations.
Security
We use security controls designed for auth infrastructure, including hashed delivery keys, server-only secrets, rate limits, URL validation, and safe app delivery email logs.
Your Choices
You can update app settings, rotate delivery keys, revoke delivery keys, and stop using managed delivery from the dashboard.
Requests about account or service data should go through the official Own Auth support channel.
Changes
We may update this policy as the service changes. The updated date on this page shows when it last changed.