tooco auth
Back to Login

Privacy Policy

Last Updated: 2026-07-10

Privacy Policy

This Privacy Policy explains how this authentication service collects, uses, stores, and protects personal information when you create an account, sign in, manage your profile, or use single sign-on features.

Information We Collect

We may collect:

  • account details such as your email address, username, password hash, and profile information you choose to provide
  • authentication and security data such as sign-in attempts, password reset requests, verification events, two-factor authentication status, and active sessions
  • device and connection information such as browser family, operating system family, IP address, approximate location derived from IP, and security signals used to detect abuse
  • client authorization data when you approve access for connected applications through single sign-on
  • support or administrative changes made to your account when needed to operate the service

How We Use Information

We use personal information to:

  • create and manage user accounts
  • authenticate sign-in requests and maintain secure sessions
  • send account-related emails such as verification, password reset, suspicious login, and security alerts
  • protect the service against fraud, abuse, unauthorized access, and automated attacks
  • operate connected sign-on features for approved applications
  • investigate incidents, debug failures, and improve reliability and security
  • meet legal, compliance, or enforcement obligations

How We Share Information

We do not sell personal information. We may share limited data only:

  • with service providers that help deliver core functions such as email delivery, hosting, or infrastructure operations
  • with applications you explicitly authorize through the single sign-on consent flow
  • when required to comply with law, regulation, legal process, or to protect the safety, rights, and security of users or the service

Data Retention

We keep account and security records for as long as needed to provide the service, maintain account integrity, resolve disputes, enforce policies, and comply with legal obligations. Retention periods may vary depending on the type of record and the security or operational purpose involved.

Security Measures

We use administrative, technical, and organizational safeguards designed to protect account data. These measures include password hashing, session controls, CSRF protections, security logging, and optional multi-factor authentication. No system can guarantee absolute security, but we work to reduce risk and respond quickly to issues.

Your Choices

Depending on how this service is deployed, you may be able to:

  • review or update profile information in your account settings
  • change your password
  • manage active sessions or authorized applications
  • request account-related help from the service operator

International Transfers

If the service or its providers operate in multiple regions, information may be processed in jurisdictions other than your own. In those cases, reasonable steps should be taken to protect the information in line with applicable law.

Children's Privacy

This service is not intended for children unless it is specifically deployed for that purpose by the operator with appropriate authorization and notice.

Changes to This Policy

This Privacy Policy may be updated from time to time to reflect operational, legal, or security changes. The latest published version on this page applies from the listed update date.

Contact

If you have questions about this Privacy Policy or how account data is handled, contact the operator of the service through the support channel made available to you.

Terms of Service Cookie Policy Security Statement
© tooco auth | All rights reserved.

Choose Language

العربية ar English en Español es Français fr 日本語 ja 한국어 ko Português pt Русский ru 中文 zh