Privacy Policy
What data SSO EA collects, how we protect it, and the rights you have over it.
Last updated: June 9, 2026
Data we collect
We collect only what is needed to identify you: your email address and/or phone number, and optionally a display name and nickname. Sign-in logs store your IP address and browser (user-agent). We never collect passwords — sign-in uses a one-time code (OTP).
How we store it
Your email and phone are stored encrypted with AES-256; only one-way (SHA-256) hashes are used for lookups. One-time codes and your security code are never stored in plain text — only Argon2id hashes. One-time codes expire after 5 minutes.
Sharing with apps
When you sign in to an app with SSO EA, only the following is shared, and only with your explicit consent: your user id, name, email and phone. Your password (there is none) and any role/permission are never shared. You can revoke any app from Profile → Connected Apps at any time.
Cookies
We use functional cookies only: a session cookie (keeps you signed in) and an optional trusted-device cookie (so we don't re-ask your security code on a device you trust). We use no advertising or tracking cookies.
Third-party services
We use Cloudflare Turnstile for bot/spam protection and Hostinger for hosting and email delivery. Only the technical data required to run the service is shared with them.
Retention & deletion
Sign-in logs are kept for security; stale untrusted-device records are deleted periodically. To request deletion of your account or data, contact us.
Your rights & contact
You may access, correct, or request deletion of your data. For any request: contact@ssoea.com.