Privacy Policy

Last updated: October 3, 2025

This policy describes how we handle authentication data collected through the Wangr market dashboard. We collect and process only the minimum information needed to sign you in and keep your session active.

Data We Collect

When you create an account or sign in, we process the following information:

  • Email address provided through email/password sign-in or Google OAuth.
  • Basic Google profile details (name and avatar) if you choose the Google sign-in option.
  • Authentication tokens and session identifiers stored in secure cookies.
  • IP address, browser details, and timestamp metadata captured as part of authentication events.

How We Use Your Data

  • Authenticate you, manage active sessions, and keep your account secure.
  • Detect suspicious sign-in activity and protect the service from abuse.
  • Provide redirects back to the pages you attempted to access after login.

We request only the minimum permissions needed for sign-in (email and basic profile details) and use that information solely to operate the authentication flow.

We do not sell or share your authentication data with advertisers or other third parties. Data is retained only as long as needed to maintain active sessions and comply with legal obligations.

Third-Party Processors

We rely on trusted providers to deliver authentication securely:

  • Supabase stores authentication records, access tokens, and session metadata on SOC 2 compliant infrastructure. See the Supabase Privacy Policy.
  • Google provides optional OAuth sign-in. When you use this flow, Google shares your email and basic profile information with us. Review the Google Privacy Policy.

These partners process your data solely to authenticate you and keep your session valid. They do not have permission to use your data for unrelated purposes.

Cookie Usage & Retention

Supabase authentication relies on first-party cookies that store session tokens. These cookies are strictly necessary for the service to function and expire when you sign out or when the session naturally lapses (typically within one week unless renewed).

Session records in Supabase are automatically purged when tokens expire or when you request account deletion. Log entries tied to security monitoring may persist longer as required for fraud prevention.

Security Measures

  • All data is transmitted over HTTPS to prevent interception.
  • Session tokens remain encrypted at rest and are scoped to the minimum privileges needed.
  • Supabase infrastructure is SOC 2 certified and managed according to industry best practices.

Your Rights & Choices

Depending on your location, you may have the right to access, correct, or delete the personal data we store about you, as well as the right to withdraw consent for processing.

  • Request a copy of the authentication data associated with your account.
  • Ask us to delete your account and purge related authentication records.
  • Withdraw consent to future processing (which may require closing your account).

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

Policy Updates

We may update this policy as our authentication stack evolves. Significant changes will be announced within the app, and the latest version will always be available on this page.