Privacy Policy

1. Scope

Ledvery is a standalone identity broker and organization ledger. This policy applies to our public website, sign-in flows, organization administration pages, and related hosted APIs that support the Ledvery service.

2. Information We Collect

We may collect the following categories of information:

• Identity and profile information, including name, email address, avatar, organization membership, and identifiers supplied by an upstream identity provider.
• Organization and application data, including organization names, legal names, domains, redirect URIs, application settings, agent records, approval settings, and related administrative metadata.
• Authentication and session data, including cookies, tokens, provider choices, login timestamps, and security events needed to keep the service working safely.
• Device and usage information, including IP address, browser type, operating system, referring URL, requested paths, and approximate timing information.
• Audit and support information, including actions taken in the admin surfaces and information you provide when requesting help.

3. Information We Receive From Third Parties

When you sign in through an upstream provider such as Google or ScaleMule, we receive the information that provider makes available to Ledvery for the sign-in flow, which may include a provider-specific subject identifier, email address, display name, and profile claims.

4. How We Use Information

We use information we collect to:

• Authenticate users and broker sign-in between systems.
• Operate organization, application, domain, agent, approval, and audit features.
• Maintain service integrity, detect abuse, investigate incidents, and enforce security controls.
• Support customers and administrators, troubleshoot problems, and improve reliability.
• Comply with legal obligations and respond to valid legal requests.

5. How We Share Information

We may share information in the following circumstances:

• With service providers and infrastructure vendors that help us host, secure, and operate Ledvery.
• With the organization administrators or application owners that manage the Ledvery environment you use.
• With upstream or downstream identity systems when necessary to complete authentication or account-linking workflows.
• When required by law, legal process, or a good-faith belief that disclosure is necessary to protect the service, users, or others.

We do not sell personal information.

6. Cookies and Similar Technologies

Ledvery uses cookies and related storage mechanisms for essential functions such as session continuity, sign-in flow state, CSRF protection, and remembering where to return a user after authentication. Disabling these features in your browser may prevent core sign-in and administration features from working.

7. Data Retention

We retain information for as long as needed to operate the service, maintain security and audit history, satisfy contractual obligations, and comply with law. Session artifacts are generally short-lived, while organization records and audit history may be retained for longer periods depending on the customer relationship, operational needs, and legal requirements.

8. Data Security

We use administrative, technical, and organizational safeguards designed to protect information from unauthorized access, loss, misuse, or alteration. No system is perfectly secure, and we cannot guarantee absolute security.

9. Your Rights and Choices

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict certain personal information. If you use Ledvery through an organization, your administrator may be the first point of contact for these requests. We may need to verify your identity before acting on a request.

10. International Transfers

Ledvery may process information in jurisdictions other than the one where you are located. When we do so, we use reasonable steps to protect information in a manner consistent with this policy and applicable law.

11. Children's Privacy

Ledvery is not directed to children under 13, and we do not knowingly collect personal information from children under 13 through the public website or hosted service.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated version on this page and revise the last updated date above.

13. Contact

For privacy questions or requests, use the support or account channel associated with your Ledvery deployment. If you access Ledvery through an organization, you may also contact your organization administrator.