AUTHLN PRIVACY POLICY
Effective Date: December 1, 2025
This Privacy Policy describes how AuthLN, Inc. (“AuthLN,” “we,” “us,” or “our”) processes personal information in connection with its websites, applications, APIs, and authentication services (collectively, the “Services”).
This Privacy Policy is incorporated by reference into AuthLN’s Terms of Service.
1. Scope & Roles
This Privacy Policy applies to personal information processed through the Services.
- Customer Role: Customers act as data controllers with respect to personal data they submit to the Services.
- AuthLN Role: AuthLN acts as a data processor on behalf of Customers and as a data controller only with respect to its own business operations (e.g., billing, marketing, corporate administration).
Where applicable, data processing is governed by AuthLN’s Data Processing Addendum (“DPA”).
2. Information We Process
Depending on configuration and use of the Services, AuthLN may process:
- Organization-assigned user identifiers (e.g., usernames, IDs)
- Device identifiers and device-bound authentication credentials
- Authentication attempts and security telemetry
- Contact information for administrative or support purposes
AuthLN does not store end-user private cryptographic keys.
3. Purpose of Processing
AuthLN processes personal information solely for the following purposes:
- Providing and operating the Services
- Enforcing authentication and access policies
- Monitoring security events and preventing abuse
- Supporting customers and improving service reliability
- Complying with legal and regulatory obligations
4. Blockchain & Payment-Factor Disclosure
Certain authentication configurations may involve economic enforcement mechanisms.
AuthLN:
- Does not custody customer digital assets
- Does not store private wallet keys or offer wallet services
- Does not act as a money transmitter, broker, custodian, or fiduciary
5. Data Retention
Authentication telemetry and related data are retained no longer than forty-five (45) days by default, unless extended retention is requested by a Customer and documented in an applicable agreement.
Data is deleted or anonymized in accordance with operational and legal requirements.
6. Security Measures
AuthLN implements commercially reasonable administrative, technical, and organizational safeguards designed to protect personal information. Access to personal information is restricted to authorized personnel based on role and job responsibilities and is subject to access control procedures, including authentication and logging controls.
Security practices are aligned with recognized frameworks, including NIST SP 800-53 Rev. 5 and ISO/IEC 27001:2022 Annex A, as appropriate to the nature of the Services.
AuthLN does not guarantee absolute security.
7. Data Classification & Handling
AuthLN maintains internal policies governing the classification and handling of data, including confidential and personal information. Data is classified based on sensitivity and handled in accordance with applicable internal security policies and contractual obligations.
8. Incident Response
AuthLN maintains documented procedures for responding to security incidents, including processes for investigation, mitigation, and notification as required by applicable law or contractual obligation.
9. Data Sharing & Subprocessors
AuthLN may use trusted third-party service providers (“subprocessors”) to support the operation of the Services, including cloud infrastructure, support systems, and communications tools.
AuthLN conducts appropriate due diligence on subprocessors and requires them to maintain security and privacy safeguards through contractual obligations consistent with applicable data protection requirements.
A current list of subprocessors may be provided upon request.
10. International Data Transfers
AuthLN primarily processes data in the United States.
Where personal data is transferred internationally, AuthLN implements appropriate safeguards as required by applicable data protection laws.
11. Individual Rights
Depending on jurisdiction, individuals may have rights regarding their personal information, including the right to access, correct, delete, or restrict processing.
AuthLN does not sell personal information.
Requests to exercise data rights should be submitted through the Customer that controls the data or by contacting AuthLN as described below.
12. Changes to This Policy
AuthLN may update this Privacy Policy from time to time. Material changes will be reflected by updating the effective date.
13. Contact Information
For privacy-related inquiries, contact:
privacy@authln.com