Privacy Policy

Last Updated: 13 October 2025

Introduction

DoneIsBetter SSO ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Single Sign-On (SSO) authentication service.

Information We Collect

Personal Information

We collect the following information when you register or use our service:

  • Email Address - Required for account creation and authentication
  • Password - Never stored in plaintext; only a bcrypt hash of the password is stored
  • Username - Optional display name
  • Session Data - Authentication tokens and session identifiers

Automatically Collected Information

When you use our service, we automatically collect:

  • IP Address - For security monitoring and fraud prevention
  • User Agent - Browser and device information
  • Authentication Logs - Login attempts, timestamps, and success/failure status
  • Session Activity - Session creation, validation, and expiration events

How We Use Your Information

We use the collected information for the following purposes:

  • Authentication - To verify your identity and maintain secure sessions
  • Service Delivery - To provide SSO functionality across integrated applications
  • Security - To detect and prevent unauthorized access, fraud, and abuse
  • Account Management - To manage your account, process password resets, and handle support requests
  • Communication - To send authentication-related emails (magic links, password reset, PIN verification)
  • Compliance - To comply with legal obligations and enforce our terms of service

Data Storage and Security

Data Storage

Your data is stored in MongoDB databases with the following protections:

  • Production and development environments use the same secure database infrastructure
  • All connections to the database use encrypted channels (SSL/TLS)
  • Passwords are hashed with bcrypt, using a per-password salt and a configurable cost factor (salt rounds), before storage
  • Session tokens are randomly generated and delivered in HttpOnly cookies, so they are not readable by client-side scripts

Security Measures

We implement industry-standard security practices:

  • Encryption - HTTPS/TLS for all data in transit
  • Authentication - Additional verification factors delivered by email (PIN verification, magic links)
  • Session Management - Automatic session expiration and validation
  • Access Controls - Role-based permissions and audit logging
  • Rate Limiting - Protection against brute force attacks
  • CORS Policies - Strict cross-origin resource sharing controls

Data Sharing and Disclosure

Third-Party Services

We use the following third-party services:

  • Vercel - Hosting and deployment infrastructure
  • MongoDB Atlas - Database hosting and management
  • Email delivery - For sending authentication emails (Resend, or SMTP via Nodemailer)

Integrated Applications

When you authenticate through our SSO service, we share limited information with integrated applications:

  • User ID (unique identifier)
  • Email address
  • Username (if provided)
  • Permission levels (admin status, role-based access)

Legal Requirements

We may disclose your information if required by law, court order, or government regulation.

Your Rights and Choices

You have the following rights regarding your personal information:

  • Access - Request access to your personal data through your account page
  • Correction - Update your email, username, or password at any time
  • Deletion - Request account deletion via our data deletion page
  • Export - Request a copy of your data (contact support@doneisbetter.com)
  • Opt-Out - Manage email notification preferences in your account settings

Data Retention

We retain your information as follows:

  • Active Accounts - Data retained indefinitely while account is active
  • Deleted Accounts - Data permanently deleted within 30 days of deletion request
  • Authentication Logs - Retained for 90 days for security and audit purposes
  • Session Data - Automatically deleted upon session expiration

Cookies and Tracking

We use cookies for the following purposes:

  • Authentication Cookies - HttpOnly cookies scoped to the .doneisbetter.com domain, so they are sent to all subdomains
  • Session Management - To maintain your logged-in state across integrated applications on those subdomains
  • Security - To protect against cross-site request forgery (CSRF) attacks

Our cookies are essential for service functionality. Disabling cookies will prevent authentication.

Children's Privacy

Our service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: