Effective April 12, 2026 · Last updated April 12, 2026
YouSeemLegit operates an authentication platform accessible at youseemlegit.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Service, either as a business customer ("Client") or as an end user authenticating through a Client's application ("End User").
When an End User authenticates through our Service, we collect: email address, authentication provider used (Google, LinkedIn, or email/password), provider ID, session data, IP address (for security purposes), failed login attempt counts, and timestamps.
We do not collect payment information, browsing history, or device fingerprints beyond what is strictly necessary for security.
When a business registers as a Client, we collect company name, contact information, branding configuration, redirect URIs, API credentials, and usage data.
We use End User data solely to authenticate users on behalf of Clients, maintain secure sessions, detect and prevent fraud, and comply with legal obligations. We do not sell End User data, use it for advertising, or share it across different Clients.
For users in the EEA, we process personal data on the basis of contract performance, legitimate interests (security, fraud prevention), legal obligation, and consent where explicitly obtained.

| Data Type | Retention |
|---|---|
| Active session data | Until session expires (1 hour default) |
| User account data | Until deletion requested or 2 years inactive |
| Authentication logs | 90 days |
| Security logs | 1 year |
| Password reset tokens | 1 hour (auto-expired) |
| Email verification tokens | 24 hours (auto-expired) |

We do not sell personal data. We share data only with service providers necessary to operate the Service: Microsoft Azure (infrastructure), Upstash (rate limiting, IP addresses only), and Resend (transactional email). All providers are contractually bound to protect data.
We implement industry-standard security measures including bcrypt password hashing, HTTPS/TLS encryption, signed JWT tokens, PKCE on OAuth flows, rate limiting, account lockout, and HTTP security headers. No system is completely secure — in the event of a breach we will notify affected parties as required by law.
Depending on your location, you may have the right to access, correct, delete, port, restrict, or object to processing of your personal data. To exercise these rights, contact privacy@youseemlegit.com. We will respond within 30 days.
We use one session cookie (admin_session) for admin dashboard authentication (8-hour duration) and one session cookie (ca_session) for client account dashboard authentication (7-day duration). We do not use tracking, advertising, or analytics cookies.
Our Service is not directed to children under 13. We do not knowingly collect data from children under 13. Contact us immediately if you believe we have done so.
We may update this policy periodically. We will notify Clients of material changes via email. Continued use after changes constitutes acceptance.
Email: privacy@youseemlegit.com
Website: youseemlegit.com