Privacy Policy

1. Information We Collect

We collect information you provide directly when using MyDay SSO:

• Account Information: Name, email address, and password
• Profile Data: Optional information like phone number and organization
• Authentication Data: Login timestamps, session information, and IP addresses

2. How We Use Your Information

• Authenticate your identity across connected applications
• Maintain and secure your account
• Send security alerts and important notifications
• Detect and prevent fraudulent activity
• Comply with legal obligations

3. Data Security

We implement enterprise-grade security measures to protect your data:

• 256-bit encryption for data in transit and at rest
• Secure password hashing using industry-standard algorithms
• Rate limiting to prevent brute-force attacks
• Compromised password detection via HaveIBeenPwned
• Regular security audits and penetration testing

4. Data Sharing

We do not sell your personal information. We may share data only:

• With applications you authorize via SSO
• With service providers who assist our operations
• When required by law or to protect rights

5. Your Rights

Depending on your location, you may have rights to:

• Access your personal data
• Correct inaccurate information
• Delete your account and associated data
• Export your data in a portable format
• Opt out of certain data processing

6. Cookies and Tracking

We use essential cookies for authentication and session management. These are necessary for the service to function and cannot be disabled.

7. Data Retention

We retain your account data as long as your account is active. Authentication logs are retained for security purposes for up to 90 days. You may request deletion of your account at any time.