Privacy Policy

Last Updated: 2025-10-13T16:22:35.000Z

Introduction

DoneIsBetter SSO ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Single Sign-On authentication service.

Information We Collect

Personal Information

We collect the following information when you register or use our service:

  • Email Address - Required for account creation and authentication
  • Password - Stored using industry-standard bcrypt hashing
  • Username - Optional display name
  • Session Data - Authentication tokens and session identifiers

Automatically Collected Information

When you use our service, we automatically collect:

  • IP Address - For security monitoring and fraud prevention
  • User Agent - Browser and device information
  • Authentication Logs - Login attempts, timestamps, and success or failure status
  • Session Activity - Session creation, validation, and expiration events

How We Use Your Information

We use the collected information for the following purposes:

  • Authentication - To verify your identity and maintain secure sessions
  • Service Delivery - To provide SSO functionality across integrated applications
  • Security - To detect and prevent unauthorized access, fraud, and abuse
  • Account Management - To manage your account, process password resets, and handle support requests
  • Communication - To send authentication-related emails such as magic links, password resets, and PIN verification
  • Compliance - To comply with legal obligations and enforce our terms of service

Data Storage and Security

Data Storage

Your data is stored in MongoDB databases with the following protections:

  • Production and development environments use the same secure database infrastructure
  • All connections use encrypted channels (SSL/TLS)
  • Passwords are hashed using bcrypt with salt rounds before storage
  • Session tokens are securely generated and stored with HttpOnly cookies

Security Measures

We implement industry-standard security practices:

  • Encryption - HTTPS/TLS for all data in transit
  • Authentication - Multi-factor authentication options such as PIN verification and magic links
  • Session Management - Automatic session expiration and validation
  • Access Controls - Role-based permissions and audit logging
  • Rate Limiting - Protection against brute force attacks
  • CORS Policies - Strict cross-origin resource sharing controls

Data Sharing and Disclosure

Third-Party Services

We use the following third-party services:

  • Vercel - Hosting and deployment infrastructure
  • MongoDB Atlas - Database hosting and management
  • Email Service Provider - For sending authentication emails

Integrated Applications

When you authenticate through our SSO service, we share limited information with integrated applications:

  • User ID as a unique identifier
  • Email address
  • Username if provided
  • Permission levels including admin status and role-based access

Legal Requirements

We may disclose your information if required by law, court order, or government regulation.

Your Rights and Choices

You have the following rights regarding your personal information:

  • Access - Request access to your personal data through your account page
  • Correction - Update your email, username, or password at any time
  • Deletion - Request account deletion via our data deletion page
  • Export - Request a copy of your data at support@doneisbetter.com
  • Opt-Out - Manage email notification preferences in your account settings

Data Retention

We retain your information as follows:

  • Active Accounts - Data retained indefinitely while the account is active
  • Deleted Accounts - Data permanently deleted within 30 days of request
  • Authentication Logs - Retained for 90 days for security and audit purposes
  • Session Data - Automatically deleted upon session expiration

Cookies and Tracking

We use cookies for the following purposes:

  • Authentication Cookies - HttpOnly cookies with domain .doneisbetter.com
  • Session Management - To maintain your logged-in state across integrated applications
  • Security - To prevent CSRF attacks

Our cookies are essential for service functionality. Disabling cookies prevents authentication.

Children's Privacy

Our service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us immediately.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you by posting the new policy on this page and updating the last updated date.

Contact Us

If you have questions about this Privacy Policy or our data practices: