Privacy Policy

1. Information We Collect

Information You Provide

• Account information (email address, password hash)
• Profile information (display name)
• OAuth application details (when you register applications)
• Passkey/WebAuthn credentials (stored securely, biometric data never leaves your device)

Automatically Collected Information

• Usage analytics via Vercel Analytics (privacy-friendly, no personal identification)
• Authentication session data (encrypted iron-session cookies)
• IP address for security purposes
• Browser user agent information (for device name detection in passkey setup)
• WebAuthn challenge data (temporary, stored only during authentication flow)

2. How We Use Your Information

We use your information to:

• Provide OAuth authentication services to Moopy applications
• Enable passkey-based authentication for enhanced security
• Manage your OAuth applications and authorized clients
• Send important service updates and security notifications
• Ensure platform security and prevent abuse
• Improve our authentication services

3. Information Sharing

We do not sell your personal information. We may share information:

• With authorized OAuth applications you explicitly consent to
• When required by law or to protect our rights
• With service providers who help us operate the platform (Vercel, database hosting)
• In connection with a business transfer or acquisition

Important: Your biometric data (Face ID, Touch ID) never leaves your device. We only store the public key component of your passkey credentials.

4. OAuth Data Sharing

When you authorize a third-party application using "Sign in with Moopy":

• You explicitly consent to share specific information with that application
• The application receives only the scopes you approve (profile, email, etc.)
• You can revoke access at any time from your dashboard
• We log all authorization grants for security auditing

5. Data Security

We implement industry-standard security measures:

• Passwords are hashed using bcrypt with salt rounds of 12
• Sessions are encrypted using iron-session
• Passkey credentials use WebAuthn/FIDO2 standard with public-key cryptography
• All connections use HTTPS encryption
• OAuth tokens are securely generated and time-limited

However, no internet transmission is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your information as long as your account is active or as needed to provide services. When you delete your account, we will delete your personal information, including:

• User profile and email
• Passkey credentials
• OAuth applications you created
• Active sessions and tokens

Some information may be retained for legal or legitimate business purposes (e.g., audit logs).

7. Third-Party Services

Our platform integrates with the following third-party services:

• Vercel Analytics - Anonymous usage analytics (no cookies, no personal data)
• PostgreSQL Database - Data storage (encrypted at rest)
• SimpleWebAuthn - Open-source library for passkey implementation

Each service has its own privacy policy. We only share the minimum necessary information.

8. International Users

Moopy is operated by Seneris B.V., a Dutch company. Our services are hosted on Vercel's global infrastructure. By using our service, you consent to the transfer and processing of your information in jurisdictions where our service providers operate, including the European Union and the United States.

9. Children's Privacy

Our service is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If we discover such data, we will delete it promptly.

10. Changes to Privacy Policy

We may update this privacy policy from time to time. We will notify users of significant changes via email or platform notification. Continued use after changes constitutes acceptance.

11. Your Rights (GDPR/AVG)

Under the General Data Protection Regulation (GDPR) and Dutch Data Protection Act (AVG), you have the following rights:

• Right to Access - View all your personal data stored in our system
• Right to Rectification - Update your information through your profile settings
• Right to Deletion - Delete your account and all associated data
• Right to Data Portability - Export your data in machine-readable format
• Right to Object - Object to certain processing activities
• Right to Withdraw Consent - Revoke OAuth authorizations at any time
• Right to Lodge a Complaint - Contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

13. Data Protection Officer

For privacy-related inquiries, please contact our data protection team at: privacy@moopy.nl