Privacy Policy

A single Polyms account lets you sign in once and access every connected app in the ecosystem. To make that possible, we act as the central place where your identity, sessions, and security settings live.

We aim to collect only what we need to authenticate you, keep your account secure, and pass the minimum necessary information to the apps you authorize. We do not sell your personal information.

We collect the following categories of information to operate the identity provider.

Account information

Your name, email address, profile photo, and password (stored only as a salted hash). If you sign in with a third-party provider such as Google, we receive the basic profile and email that provider shares.

Authentication & security data

Credentials and security factors such as passkeys, linked accounts, sign-in events, and password reset requests, used to verify it is really you and to protect your account.

Usage & log data

Records of how you interact with the sign-in service — for example sign-in and sign-out events, which app initiated a request, and consent decisions — kept for security, troubleshooting, and audit.

Device & connection data

Technical information such as IP address, browser and device type, and approximate location derived from your IP, used to detect suspicious activity and keep sessions secure.

We use the information we collect to:

• Authenticate you and create and maintain secure sign-in sessions across Polyms apps.
• Share the minimum necessary identity claims with apps you choose to sign in to.
• Protect your account and the ecosystem by detecting, preventing, and responding to fraud, abuse, and security incidents.
• Provide support, respond to your requests, and send essential service messages such as password resets and security alerts.
• Meet our legal, regulatory, and audit obligations.

When you sign in to a Polyms or partner app with your Polyms Account, we share identity information so that app can recognize you. For first-party apps within the Polyms family this happens automatically; for other apps you may be asked to review and consent first.

Depending on the app and the scopes it requests, the information shared may include:

• Your basic profile — such as user ID, name, email, and profile photo.
• Subscription and entitlement claims — which Polyms plans are active for that app, so it can unlock the right features.
• Tokens that confirm your sign-in, issued and verified through our standard OAuth 2.x / OpenID Connect endpoints.

We share information with service providers (such as payment and email infrastructure) only as needed to run the service, and when required by law. We do not sell your personal information.

We use strictly necessary cookies to keep you signed in and to remember preferences such as your language. Session cookies are set as httpOnly and Secure where applicable so they cannot be read by scripts. These cookies are essential to the sign-in service and cannot be turned off without breaking it.

We keep your account information for as long as your account is active. Security and audit logs are retained for a limited period needed for fraud prevention, troubleshooting, and legal compliance, after which they are deleted or anonymized. When you delete your account, we remove or anonymize associated personal data, except where we must retain it to meet legal obligations.

We apply industry-standard safeguards including encryption in transit, hashed passwords, signed tokens, httpOnly session cookies, and support for passkeys and strong authentication. No method of transmission or storage is perfectly secure, so we also encourage you to use a strong, unique password and enable passkeys.

Depending on where you live, you may have the right to:

• Access, correct, or update the personal information in your account.
• Delete your account and associated personal data.
• Disconnect linked accounts or revoke an app's access to your identity.
• Object to or restrict certain processing, and lodge a complaint with a data protection authority.

Polyms operates globally, so your information may be processed in countries other than the one where you live. Where we transfer data across borders, we use appropriate safeguards to protect it consistent with this policy and applicable law.

The Polyms Account service is not directed to children under the age required by your local law to consent to online services, and we do not knowingly collect their personal information. If you believe a child has provided us information, please contact us so we can remove it.

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you. Your continued use of your Polyms Account after an update means you accept the revised policy.

If you have questions about this Privacy Policy or how we handle your information, reach us at one of our offices or by email:

• HCM City, Viet Nam

  5A Tan Vien Street, Tan Phu District

Email: hello@polyms.dev