This Privacy Policy explains how Authra collects, uses, discloses, and protects
information in connection with our website at authra.io, related pages (docs, forms,newsletters), and developer materials we make available through the site (together, the
“Site”). It does not cover third-party websites or services we link to.
“Authra,” “we,” “us,” or “our” refers to Authra Foundation (Switzerland) and Authra
Labs Ltd. (UAE, ADGM). Contact: hello@authra.io (general) and legal@authra.io
(privacy/legal).
What this policy covers
Visitors to our Site, newsletter subscribers, waitlist sign-ups, and people who contact us.
Developers who access docs, SDKs, or submit forms for API or early access (additional terms may apply).
This policy reflects our commitment to privacy-by-design and GDPR-style principles (data minimization, purpose limitation, user rights).
If you use Authra software, apps, or protocol tools outside the Site, additional or different privacy terms may apply, which will be presented where relevant.
Information we collect
A. You provide to us
Contact details (e.g., name, email, role/company) when you subscribe, join a waitlist, request materials, or contact support.
Developer info you submit in forms (e.g., use case, region) to evaluate access to tools or programs.
B. Collected automatically (Site)
Log data (IP address, user agent, referrer/exit pages, date/time, basic device and browser info).
Usage/analytics data (page views, clicks, scroll depth) using a privacy-respecting analytics tool configured without cross-site tracking.
Cookies/local storage to remember preferences and improve performance. See §10.
C. From third parties
Our email/CRM providers (e.g., when you confirm a subscription).
Public sources (e.g., company websites/LinkedIn) to verify role or prevent abuse.
D. What we don’t intentionally collect
Sensitive categories (e.g., health, precise geolocation) on the Site.
Children’s data (see §9).
Protocol/app telemetry note: When users later opt in to Authra’s proofs, our design favors pseudonymity, k-anonymized grids, and minimal necessary data; telemetry is signed on-device before leaving the phone. Those flows are covered by product-specific terms and notices.
How we use information
We process personal data only where we have a lawful basis under GDPR-style frameworks:
Provide & operate the Site, respond to inquiries, deliver requested materials (contract/legitimate interests).
Communications: transactional emails (confirmations, policy updates); optional newsletters if you subscribe (consent; you may unsubscribe any time).
Security & abuse prevention (legitimate interests): detect fraud, spam, misuse; protect our services.
Analytics & performance (legitimate interests): understand what content is useful and improve the Site.
Legal compliance (legal obligation): keep required records, respond to lawful requests.
We do not sell personal information. We do not offer financial services.
Sharing of information
We share personal data only with:
Service providers (hosting, email, analytics, form/CRM) bound by contracts to process data on our behalf.
Affiliates (Authra Foundation / Authra Labs) for the purposes in this policy.
Compliance and safety: to comply with laws, lawful requests, or enforce our terms.
Business transfers (e.g., reorganization).
Links to third-party sites or smart contracts are outside our control; their policies apply.
International transfers
We may process data in countries other than where you live (e.g., EEA, UK, UAE, US). Where required, we use safeguards such as Standard Contractual Clauses and vendor DPAs to protect cross-border transfers.
Retention
We retain personal data only as long as necessary for the purposes described or as required by law, then delete or irreversibly anonymize it. Typical windows:
Contact/waitlist records: up to 24 months after last interaction (or delete sooner upon request).
Newsletter data: until you unsubscribe + up to 30 days to complete suppression.
Web logs: up to 30 days for security.
Aggregated analytics: up to 14 months.
Your rights
Depending on where you live, you may have rights to access, correct, delete, restrict, port, or object to certain processing, and to withdraw consent. To exercise these rights, contact legal@authra.io; we’ll respond as required by law. You may also have the right to complain to a data protection authority.
Security
We use technical and organizational measures appropriate to the risk, including TLS in transit, encryption at rest by our providers, access controls, and least-privilege principles. For product telemetry (outside this Site), our architecture favors on-device signing and privacy-preserving techniques (see note in §2D).
Children’s privacy
The Site is not directed to children under 16 and we do not knowingly collect their personal data. If you believe a child has provided data, contact us to remove it. (Age threshold aligned with our ToS eligibility).
Cookies & similar technologies
We use:
Essential cookies (security, load balancing, preference storage).
Analytics cookies or local storage (aggregated usage metrics).
No cross-site advertising cookies.
You can manage cookies in your browser. Where required, we’ll present a simple preference banner.
Third-party links
Our Site may link to third-party websites or services. Their privacy policies—not ours—govern your use of those properties.
Changes to this policy
We may update this policy from time to time; we’ll post a new Effective date when we do. Material changes will be highlighted on the Site.
Region-specific notices (summary)
EEA/UK/Switzerland: we operate under GDPR-style principles; legal bases are listed in §3. You may contact your supervisory authority if you are unsatisfied with our response. Our Site terms and references already acknowledge GDPR alignment and privacy-by-design.
UAE (ADGM): processing complies with applicable ADGM data protection rules where relevant; disputes related to the Site are otherwise handled under our ToS.
California (CPRA): we do not “sell” personal information as defined by CPRA; you have rights to know, delete, correct, and limit certain uses. Contact us to exercise these rights.
Summary
We collect minimal contact and usage data to run the Site and communicate with you.
We don’t sell your data and we avoid collecting sensitive info on the Site.
You can unsubscribe or ask us to delete your data, and we’ll comply as the law requires.
Contact
hello@authra.io; rohan@authra.io
Disclaimers & Distribution Notice
Private & Confidential
This document has been prepared solely for informational purposes and contains high-level, confidential information relating to the Authra project. It contains confidential and proprietary information relating to Authra. By receiving or reviewing this document—whether as an intended recipient or otherwise—you acknowledge and agree that an obligation of confidentiality is implicitly created. By accessing or reviewing this document, you are deemed to have been placed on notice of its confidential nature and agree to treat its contents accordingly. You agree not to reproduce, distribute, or disclose this document or its contents, in whole or in part, without the prior written consent of Authra. Certain implementation details and sensitive information have been intentionally withheld and will only be made available under a duly executed Non-Disclosure Agreement (NDA). Nothing in this document constitutes an offer of securities, investment solicitation, or a binding commitment of any kind.