Borbytes operates a central sign-in service at auth.borbytes.com that lets you log in to Borbytes applications using your Google account. This policy explains what we do with your information.
When you sign in, Google shares a limited profile with us:
We do not request, collect, or store passwords or any other data from your Google account.
This information is used solely to identify you across Borbytes applications and to display your name and picture inside those apps. We do not sell, rent, or share it with third parties, and we do not use it for advertising.
The sign-in service is stateless. We do not keep a database of users. After you authenticate, your profile is packed into a signed token (JWT) and stored only in a cookie in your own browser on the .borbytes.com domain. The token expires automatically after 7 days. Individual Borbytes applications may keep their own minimal records (for example, an access allowlist of email addresses); each application is responsible for its own data.
We set a single borbytes_auth cookie containing your session token. It is HTTP-only, secure, and used only to keep you signed in. No tracking or analytics cookies are set by this service.
You can sign out at any time at auth.borbytes.com/logout, which deletes the cookie. You can also revoke Borbytes' access from your Google account permissions. To request deletion of any data, see our Data Deletion instructions.
Questions about this policy: info@borbytes.com.