Privacy Policy
1. Introduction
LoginSign ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data when you use our authentication services, website, and related offerings. We process data in accordance with the General Data Protection Regulation (GDPR), the ePrivacy Directive, and other applicable data protection laws.
2. Controller and Contact
The data controller responsible for your personal data is LoginSign. For questions about this policy or to exercise your rights, contact us at contact@loginsign.com or via our contact form.
3. What Data We Collect
We collect and process the following categories of data:
- Account data: Email address (real or masked), display name, profile picture, and unique user identifier when you sign in via a social provider.
- Technical data: IP address, browser type, device information, and log data for security and operational purposes.
- Usage data: Aggregated statistics on login flows and integration activity. We do not track individual behavior across sites.
- Communication data: Emails and messages you send to us for support or sales.
When we provide masked email addresses to third-party applications, those applications do not receive your real email. The masked address is a relay we operate; emails sent to it are forwarded to your real inbox without disclosing your identity to the application.
4. Legal Basis for Processing
We process personal data based on the following legal grounds under GDPR:
- Contract performance (Art. 6(1)(b)): To provide authentication, manage your account, and deliver our services.
- Legitimate interests (Art. 6(1)(f)): To ensure security, prevent fraud, and improve our services.
- Legal obligation (Art. 6(1)(c)): To comply with tax, accounting, and other regulatory requirements.
- Consent (Art. 6(1)(a)): Where we expressly ask for your consent for optional processing (e.g. marketing emails).
5. How We Use Your Data
We use your data to:
- Provide authentication and single sign-on (SSO) services.
- Maintain and secure your account.
- Forward emails sent to masked addresses to your real inbox.
- Respond to support and sales inquiries.
- Improve our services and comply with legal obligations.
We do not sell your personal data. We do not use your data for advertising or third-party marketing.
6. Data Sharing and Recipients
We may share data with:
- Identity providers: When you sign in with Google, Apple, GitHub, etc., we exchange necessary data with those providers under their respective privacy policies.
- Third-party applications: When you authenticate to an app that uses LoginSign, we share only the data the app requests—never your real email unless you explicitly consent.
- Service providers: We use processors for hosting, email delivery, and support. All processors are bound by data processing agreements.
- Authorities: We may disclose data when required by law or to protect our rights and safety.
7. International Transfers
We store and process data primarily within the European Economic Area (EEA). Where we transfer data outside the EEA, we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions.
8. Data Retention
We retain data only as long as necessary: account data until you delete your account, plus a short retention period for backup and legal compliance; logs typically for 90 days; communication data for the duration of the conversation plus follow-up. After retention periods expire, we delete or anonymize data.
9. How We Protect Your Data
We implement encryption (TLS 1.3 in transit, AES-256 at rest), access control, security monitoring, and practices aligned with SOC 2, ISO 27001, and GDPR requirements.
10. Third-Party Access by Integrated Services
When you use LoginSign to sign in to a third-party application, that application receives only the data it requests through our API—typically a user ID, display name, and masked email. We require integrated applications to use data only for authentication and related purposes, and to comply with applicable privacy laws.
11. Your Rights
Under GDPR you have the rights of access, rectification, erasure, restriction, and data portability, as well as the right to object, to withdraw consent, and to lodge a complaint with a supervisory authority. To exercise these rights, contact us at contact@loginsign.com. We will respond within the timeframe required by law (typically 30 days). You may also manage your account and delete it from your account settings.
12. Cookies and Similar Technologies
We use cookies for essential functionality (session, security, authentication) and aggregated analytics. We do not use tracking for advertising. You can control cookies through your browser settings.
13. Children
Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. Continued use after changes constitutes acceptance.
15. Contact
For privacy-related inquiries, data subject requests, or to report a concern:
- Email: contact@loginsign.com
- Contact form: Contact Us
- Company details: Imprint