Thauth.devLegal
Legal/Thauth Privacy Policy

Legal document

Thauth Privacy Policy

How Thauth.dev collects, uses, stores, and protects personal data across the service.

Last updated April 22, 2026Download MarkdownCookie policy

This Privacy Policy explains how Thauth (“Thauth”, “we”, “us”, or “our”) collects, uses, and processes personal data in connection with the Thauth platform, APIs, and related services (the “Service”).

This Policy applies to:

  • Visitors to our website
  • Users of the Thauth dashboard
  • Customers integrating with our APIs

1. Roles and Scope

Depending on context, Thauth acts as:

  • Data Controller for personal data related to:
  • Account registration
  • Billing and communications
  • Website usage
  • Data Processor for personal data included in Customer Data processed through the Service.

Customers are responsible for ensuring they have a lawful basis to process any personal data submitted to the Service.

2. Categories of Personal Data

2.1 Account and Identity Data

  • Name
  • Email address
  • Authentication credentials (hashed passwords, tokens)
  • Account identifiers

2.2 Customer Data (Processed on Behalf of Customers)

  • Subject identifiers (e.g., user IDs, emails, or other identifiers)
  • Authorization data (roles, permissions, assignments, overrides)
  • Request metadata associated with authorization checks

Thauth does not independently determine the purpose of processing Customer Data.

2.3 Technical and Usage Data

  • IP address
  • Device and browser information
  • Log data (requests, errors, timestamps)
  • API usage metrics

2.4 Communication Data

  • Support requests
  • Email communications

3. Purposes of Processing

We process personal data for the following purposes:

3.1 Service Provision

  • Operating and maintaining the Service
  • Processing authorization requests
  • Managing accounts and authentication

3.2 Security and Integrity

  • Detecting fraud, abuse, or unauthorized activity
  • Monitoring system performance
  • Investigating incidents

3.3 Improvement and Analytics

  • Understanding usage patterns
  • Improving system performance and reliability

3.4 Billing and Administration

  • Processing payments via Polar
  • Managing subscriptions and invoices

3.5 Communications

  • Sending transactional emails (via Resend)
  • Responding to inquiries

Where GDPR applies, we rely on:

To provide the Service

  • Contract Performance (Art. 6(1)(b)):
  • Legitimate Interests (Art. 6(1)(f)):
  • Security and fraud prevention
  • Service improvement
  • System monitoring

Compliance with applicable laws

  • Legal Obligations (Art. 6(1)(c)):

5. Data Sharing and Subprocessors

We may share data with trusted subprocessors:

Current Subprocessors

  • Contabo — infrastructure hosting
  • Polar — payment processing (Merchant of Record)
  • Resend — transactional email delivery

Subprocessors are contractually bound to protect personal data.

6. International Data Transfers

Personal data may be processed in countries outside the European Economic Area (EEA).

Where required, we implement safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Equivalent legal mechanisms

7. Data Retention

We retain personal data:

  • For as long as necessary to provide the Service
  • As required to comply with legal obligations
  • For security and audit purposes (logs)

Customer Data is retained according to:

  • Customer instructions
  • Contractual obligations

8. Data Subject Rights

Where applicable, individuals have the right to:

  • Access personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase data (“right to be forgotten”, Art. 17)
  • Restrict processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)

Requests should be directed to:

📧 legal@thauth.dev

For Customer Data, requests should be directed to the Customer (data controller).

9. Security Measures

We implement appropriate technical and organizational measures, including:

  • Access controls
  • Authentication and session management
  • Logging and monitoring
  • Infrastructure isolation

However, no system is completely secure.

10. Cookies and Tracking

We may use limited cookies or similar technologies for:

  • Authentication
  • Session management
  • Security purposes

We do not use tracking cookies for advertising purposes.

11. Children’s Data

The Service is not intended for individuals under the age of 16.

We do not knowingly collect personal data from children.

12. Changes to this Policy

We may update this Privacy Policy from time to time.

Material changes will be communicated where appropriate.

13. Contact

For questions or requests:

📧 legal@thauth.dev

14. Supervisory Authority (EU Users)

If you are located in the EU, you have the right to lodge a complaint with your local data protection authority.

Cookie Notice

We use essential cookies for sign-in, session security, and CSRF protection. We do not use analytics or advertising cookies right now. Learn more