Legal

Privacy

Placeholder — this page's final copy hasn't been written yet. What's below is accurate but minimal.

Last updated — pending launch

oauth.work processes the identity data your organization configures: user profiles, group membership, and authentication events for the tenants you operate. We are a processor for that data; you remain the controller.

What we store

  • Tenant configuration, users, groups, and roles you provision (directly or via SCIM).
  • Authentication and authorization events, in a signed audit log.
  • Cryptographic keys — per-tenant private keys are envelope-encrypted at rest.

What we don't do

  • No selling of personal data. No ad-tech. No third-party tracking on this site.

The full, lawyer-reviewed policy lands with general availability. Questions in the meantime: hello@oauth.work.