Effective Date: 23 JAN 2026
This Privacy Policy describes how Protasis ("Protasis", "we", "us", or "our") collects, uses, discloses, and protects personal information in connection with Protasis Arc0 ("Arc0"), including its authentication services, OAuth authorization services, APIs, dashboards, and related offerings (collectively, the "Services").
This Privacy Policy is incorporated by reference into the Protasis Arc0 Terms of Service.
1. Scope
This Privacy Policy applies to personal information processed by Protasis in its role as an identity provider and authentication service. It does not apply to data practices of third-party applications, services, or websites that integrate with Arc0 ("Client Applications").
Client Applications operate independently and are governed by their own privacy policies and practices.
2. Information We Collect
2.1 Information You Provide
We may collect personal information you provide directly, including:
- Name, username, or display name
- Email address
- Passwords or authentication credentials (stored using industry-standard cryptographic hashing)
- Account preferences and settings
- Communications with Protasis
2.2 Authentication and Technical Information
When you access or use the Services, we may automatically collect:
- IP address
- Device identifiers and browser information
- Timestamps and logs related to authentication events
- OAuth authorization decisions and granted scopes
2.3 Information from Client Applications
Client Applications may send us limited information necessary to facilitate authentication or authorization, such as application identifiers, redirect URIs, and requested permission scopes.
3. How We Use Information
We use personal information to:
- Provide, operate, and maintain the Services
- Authenticate users and manage accounts
- Facilitate OAuth authorization flows
- Detect, prevent, and investigate fraud, abuse, and security incidents
- Comply with legal obligations
- Improve and develop the Services
We do not sell personal information.
4. OAuth Data and Client Application Access
When you authorize a Client Application, Arc0 shares only the information and permissions explicitly approved by you during the authorization process.
Protasis does not control and is not responsible for how Client Applications use or further disclose authorized data after it is shared.
5. Legal Bases for Processing (United States)
We process personal information as necessary to:
- Perform contractual obligations under the Terms of Service
- Operate and secure the Services
- Comply with applicable laws and lawful requests
- Protect the rights, safety, and property of Protasis and others
6. Data Retention
We retain personal information only for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Authentication logs and security records may be retained for extended periods for audit, compliance, and security purposes.
7. Data Security
Protasis implements reasonable administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction.
However, no security system is impenetrable, and we cannot guarantee absolute security.
8. Data Sharing and Disclosure
We may disclose personal information:
- To service providers and vendors acting on our behalf under confidentiality obligations
- To comply with legal obligations, subpoenas, or lawful requests
- To protect the security and integrity of the Services
- In connection with a merger, acquisition, or asset sale
We do not share personal information with third parties for targeted advertising purposes.
9. Your Rights and Choices
Depending on your jurisdiction, you may have the right to:
- Access personal information associated with your account
- Correct inaccurate or incomplete information
- Delete your account, subject to legal and operational requirements
- Revoke OAuth authorizations through your account settings
Requests may be subject to verification of identity.
10. California Privacy Rights
If you are a California resident, you may have rights under the California Consumer Privacy Act ("CCPA") and California Privacy Rights Act ("CPRA"), including the right to know, delete, and correct personal information.
Protasis does not sell or share personal information as defined under California law.
11. Children’s Privacy
The Services are not directed to children under the age of thirteen (13). Protasis does not knowingly collect personal information from children.
If we become aware that personal information has been collected from a child in violation of applicable law, we will take appropriate steps to delete it.
12. International Users
The Services are operated from the United States. If you access the Services from outside the United States, you acknowledge that your information may be transferred to, processed, and stored in the United States.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be effective as of the updated effective date. Continued use of the Services constitutes acceptance of the revised Privacy Policy.
14. Contact Information
If you have questions about this Privacy Policy or our data practices, please contact:
Protasis Network Technologies
By using Arc0, you acknowledge that you have read and understood this Privacy Policy.