← Back to reauth.dev

Privacy Policy

Last updated: February 20, 2026

1. Introduction

TQDM Inc. ("Company", "we", "us"), located at 1111B S Governors Ave, STE 23256, Dover, DE 19904, USA, operates the reauth.dev platform ("Service"), an authentication, billing, and email infrastructure platform. This Privacy Policy explains how we collect, use, and protect your personal data when you use our Service.

This policy applies to two categories of users: platform customers who manage domains through our dashboard, and end users who authenticate through domains powered by reauth.dev.

2. Data We Collect

Platform Customers

  • Email address (for account creation and authentication)
  • OAuth profile data (name, email) when signing in with Google or X
  • Payment information (processed by Stripe; we do not store card details)
  • Domain configuration and API key metadata
  • Usage data (API calls, authentication events, billing events)

End Users

  • Email address (for magic link authentication)
  • OAuth profile data (name, email, profile picture) from Google or X when used
  • Session tokens and authentication state
  • IP address and user agent (for security and rate limiting)

Automatically Collected

  • Server access logs (IP address, request path, timestamps)
  • Analytics data via Umami (privacy-focused, cookie-free analytics)
  • Error and performance metrics

3. How We Use Your Data

  • Provide and maintain the Service (authentication, billing, email delivery)
  • Process payments and manage subscriptions
  • Send transactional communications (magic links, account notifications)
  • Prevent abuse, fraud, and unauthorized access
  • Monitor and improve Service performance and reliability
  • Comply with legal obligations

4. Third-Party Services

We share data with the following third-party services as necessary to provide the Service:

Stripe

Payment processing and subscription management. Stripe receives payment details, email, and billing information. Stripe Privacy Policy

Google

OAuth authentication. When users sign in with Google, we receive their name, email, and profile picture. Google Privacy Policy

X (Twitter)

OAuth authentication. When users sign in with X, we receive their username, display name, and profile information. X Privacy Policy

Resend

Transactional email delivery. Resend processes email addresses and message content for magic link and notification emails. Resend Privacy Policy

Umami

Privacy-focused web analytics. Umami does not use cookies and does not collect personally identifiable information. Umami Privacy Policy

5. Cookies and Session Storage

We use the following cookies and storage mechanisms:

  • Session cookies — HTTP-only cookies for authentication tokens (access token and refresh token)
  • Theme preference — localStorage entry for dark/light mode preference

We do not use tracking cookies or advertising cookies. Our analytics (Umami) are cookie-free.

6. Data Storage and Security

Data is stored in PostgreSQL databases and Redis caches hosted on our infrastructure. Sensitive data (API keys, payment references) is encrypted at rest. All data is transmitted over TLS-encrypted connections.

We implement industry-standard security measures including rate limiting, input validation, CSRF protection, and secure cookie attributes (HttpOnly, Secure, SameSite).

7. Data Retention

  • Account data is retained for the lifetime of your account plus 30 days after deletion
  • Authentication logs are retained for 90 days
  • Server access logs are retained for 30 days
  • Payment records are retained as required by tax and financial regulations

8. Your Rights

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Deletion — request deletion of your account and associated data
  • Export — request your data in a machine-readable format
  • Restriction — request that we limit processing of your data
  • Objection — object to processing based on legitimate interests

To exercise any of these rights, contact us at contact@tqdm.org. We will respond within 30 days.

9. International Transfers

Our servers are located in the European Union. If you access the Service from outside the EU, your data will be transferred to and processed in the EU.

10. Children's Privacy

The Service is not directed at children under 18. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. The "Last updated" date at the top indicates the most recent revision.

12. Contact

For questions or concerns about this Privacy Policy or our data practices, contact us at contact@tqdm.org.

Terms of Service·Pricing