Legal

Privacy Policy

Effective date: July 12, 2026

Your trust is the foundation of every identity handshake. This policy describes how Zen OIDC collects, uses, and protects personal information across our authentication platform.

1. Overview

Zen OIDC ("we", "our", or "us") operates an OAuth 2.1 and OpenID Connect identity platform. This Privacy Policy explains what information we collect, how we use it, and the choices you have when you use our website, developer dashboard, and authentication services.

By creating an account, authorizing an application, or using our platform, you agree to the practices described in this policy.

2. Information We Collect

We collect information in three primary contexts: account registration, authentication activity, and developer platform usage.

  • Account details such as your name, email address, and profile information you choose to provide.
  • Authentication records including login timestamps, session identifiers, IP addresses, and device metadata used for security monitoring.
  • OAuth and OIDC authorization data such as client IDs, granted scopes, consent decisions, redirect URIs, and token metadata required to operate federated sign-in.
  • Developer platform data including registered OAuth clients, application names, and configuration settings you manage in the dashboard.
  • Support communications when you contact us directly.

3. How We Use Information

We use collected information to operate, secure, and improve the identity platform. Specifically, we use data to:

  • Authenticate users and maintain secure sessions.
  • Issue, validate, and revoke OAuth 2.1 / OpenID Connect tokens.
  • Display consent screens and honor authorization decisions.
  • Detect abuse, prevent fraud, and investigate security incidents.
  • Provide customer support and respond to legal or compliance requests.
  • Improve reliability, performance, and developer experience.

4. OAuth, OIDC, and Third-Party Applications

When you authorize a third-party application through Zen OIDC, we share only the information required by the scopes you approve. Third-party applications are independently responsible for their own privacy practices once they receive your data.

Developers registering OAuth clients must provide accurate redirect URIs and are responsible for handling end-user data in compliance with applicable laws.

5. Cookies and Session Storage

We use cookies and similar technologies to maintain authenticated sessions, protect against cross-site request forgery, and remember essential security preferences.

Session cookies are typically short-lived. You can revoke active sessions from your account dashboard or by signing out.

6. Data Retention

We retain account and authorization records for as long as your account remains active or as needed to provide services, comply with legal obligations, resolve disputes, and enforce agreements.

Security logs and audit events may be retained for a longer period to support incident response and compliance requirements.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the right to access, correct, delete, or export personal data we hold about you. You may also withdraw OAuth consents for connected applications at any time from the Authorized Apps section of your dashboard.

To exercise privacy rights, contact us using the details below. We may need to verify your identity before fulfilling a request.

8. Security

We apply industry-standard safeguards including encrypted transport (TLS), hashed credentials, scoped access tokens, refresh token rotation, and session revocation controls.

No method of transmission or storage is completely secure. If you believe your account has been compromised, revoke sessions immediately and contact us.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected on this page with an updated effective date. Continued use of the platform after changes become effective constitutes acceptance of the revised policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at support@zen-oidc.dev or through our contact page.

Questions? Contact our team.