Privacy Policy

Last Updated: March 02, 2026

1. Introduction

IDTAG ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Information from OAuth Providers

When you sign in using OAuth (e.g., Google), we collect:

  • Email address
  • Name (if provided)
  • Profile picture (if provided)
  • OAuth provider user ID

2.2 WebAuthn Passkey Data

When you register a passkey, we store:

  • Phone number (encrypted)
  • Public key credentials
  • Device name (user-provided)
  • Credential usage timestamps

2.3 Automatically Collected Information

  • IP address
  • Browser type and version
  • Device information
  • Access times and dates
  • Pages viewed and actions taken

3. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Authenticate your identity
  • Process authorization requests for third-party applications
  • Send important service notifications
  • Detect and prevent fraud and abuse
  • Comply with legal obligations
  • Improve and optimize our Service

4. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All personally identifiable information (PII) is encrypted at rest using AES-256-GCM
  • Secure Transmission: All data in transit is protected using TLS/SSL
  • WebAuthn: Passkey authentication uses public-key cryptography
  • Session Security: HttpOnly, Secure, and SameSite cookies
  • Access Controls: Strict access controls and authentication requirements

5. Data Sharing and Disclosure

5.1 Third-Party Applications

When you authorize a third-party application, we share only the information you explicitly consent to share during the authorization process.

5.2 OAuth Providers

We interact with OAuth providers (e.g., Google) to authenticate your identity. Please review their privacy policies for information about how they handle your data.

5.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority.

5.4 No Sale of Data

We do NOT sell, rent, or trade your personal information to third parties for marketing purposes.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. You may request account deletion at any time, after which we will delete your data within 30 days, except where retention is required by law.

7. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Portability: Receive your data in a structured, machine-readable format
  • Revocation: Revoke authorization for third-party applications

To exercise these rights, please contact us at support@idtag.in.

8. Cookies and Tracking

We use cookies for:

  • Session management and authentication
  • Security (CSRF protection, state tokens)
  • Remembering your preferences

We do NOT use third-party tracking or advertising cookies.

9. Children's Privacy

IDTAG is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last Updated" date and, where appropriate, by email or through the Service.

12. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at:

Email: support@idtag.in

Back to Login