Privacy Policy

Last updated: January 9, 2026

Cead ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our authentication service and website.

1. Information We Collect

Information You Provide

We collect information you provide directly to us, including:

  • Account Information: Email address, password (hashed), and optional profile information like name
  • Payment Information: Billing details processed through our payment provider (Stripe)
  • Communications: Information you provide when contacting support

Information Collected Automatically

When you use our service, we automatically collect:

  • Usage Data: Authentication events, API requests, and feature usage
  • Device Information: IP address, browser type, operating system
  • Session Data: Session tokens, login timestamps, and session duration

Information from Third Parties

If you authenticate using OAuth providers (Google, GitHub, etc.), we receive basic profile information as permitted by your settings with those providers.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our authentication service
  • Process transactions and send related information
  • Send technical notices, security alerts, and support messages
  • Respond to your comments, questions, and support requests
  • Monitor and analyze trends, usage, and activities
  • Detect, investigate, and prevent fraudulent or unauthorized activity
  • Comply with legal obligations

3. Information Sharing

We do not sell your personal information. We may share information in the following circumstances:

  • With Your Consent: When you authorize us to share information
  • Service Providers: With vendors who assist in providing our services (hosting, payment processing)
  • Legal Requirements: When required by law or to protect rights and safety
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

4. Data Retention

We retain your information for as long as your account is active or as needed to provide services. After account deletion:

  • Personal data is deleted within 30 days
  • Anonymized analytics data may be retained indefinitely
  • Backup data is purged within 90 days

5. Data Security

We implement industry-standard security measures including:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Password hashing using Argon2id
  • Regular security audits and penetration testing
  • Access controls and audit logging
  • DDoS protection and rate limiting

6. Your Rights

Depending on your location, you may have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Receive your data in a portable format
  • Objection: Object to certain processing activities

To exercise these rights, contact us at privacy@cead.dev.

7. International Data Transfers

Our service operates globally using Cloudflare's edge network. Your data may be processed in various countries. We ensure appropriate safeguards are in place for international transfers.

8. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising pixels. Analytics are collected using privacy-preserving methods without identifying individual users.

9. Children's Privacy

Our service is not directed to children under 13. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy, please contact us: