Introduction
Netleap, as a fundamental network service provider, is committed to protecting the privacy of your information. This Privacy Policy informs users of our policies and procedures regarding the collection, use, and disclosure of information received from users of our websites, services, applications, and authentication systems.
This Privacy Policy applies to all data collected through our network infrastructure services, authentication systems, and related services ("Services"). By using Netleap's Services, you consent to the data practices described in this Privacy Policy.
1. Information We Collect
As a fundamental network service provider, we collect information from:
- Service Users: Individuals who use our network and authentication services
- Organization Administrators: Users who manage organizational accounts and settings
- Third-party Applications: Applications that integrate with our authentication services
- API Consumers: Developers and systems that interact with our APIs
The types of information we collect include:
- Account Information:
  - Email addresses for account identification and communication
  - Usernames for system identification
  - Passwords, stored in hashed form using industry-standard hashing algorithms
  - Multi-factor authentication settings and backup codes
  - Account recovery information
- Authentication Data:
  - Login timestamps and locations
  - Access token metadata and usage patterns
  - Session information and device fingerprints
  - Authentication method preferences
  - Security challenge responses
- Network Usage Data:
  - API request patterns and frequencies
  - Service access logs and metrics
  - Bandwidth usage and network performance data
  - Error logs and diagnostic information
  - Integration configurations and settings
- Security Information:
  - IP addresses and network identifiers
  - Device information and browser fingerprints
  - SSL/TLS certificate data
  - Security audit logs and alerts
  - Threat detection and prevention data
2. OAuth2 Authorization Data
As an OAuth2 service provider, we maintain detailed records of:
- Application Authorizations:
  - Authorized application identifiers and metadata
  - Granted permission scopes and their timestamps
  - Application-specific token configurations
  - Custom application settings and preferences
- Authentication Events:
  - Authorization code generation and usage
  - Token issuance and refresh events
  - Scope change history and approvals
  - Authentication method transitions
- Access Management:
  - Token revocation events and reasons
  - Permission scope modifications
  - Application access history
  - Integration status and health metrics
- Security Monitoring:
  - Token usage patterns and anomalies
  - Rate limiting and abuse detection
  - Security incident logs
  - Compliance audit trails
3. Use of Information
We use the collected information to:
- Service Operation:
  - Maintain secure authentication services
  - Process OAuth2 authorization requests
  - Manage user sessions and preferences
  - Facilitate secure API integrations
- Infrastructure Management:
  - Monitor network performance and health
  - Optimize service delivery and reliability
  - Scale resources based on demand
  - Maintain system availability
- Security:
  - Detect and prevent unauthorized access
  - Identify and respond to security threats
  - Protect against fraud and abuse
  - Ensure data integrity and confidentiality
- Service Improvement:
  - Analyze usage patterns for optimization
  - Develop new security features
  - Enhance user experience
  - Improve system reliability
4. Data Security
As a fundamental network service provider, we implement comprehensive security measures:
- Encryption and Protection:
  - TLS 1.3 for all data in transit
  - AES-256 encryption for data at rest
  - Secure key management systems
  - Regular encryption key rotation
- Access Control:
  - Role-based access control (RBAC)
  - Multi-factor authentication enforcement
  - Principle of least privilege
  - Regular access reviews
- Monitoring and Auditing:
  - 24/7 security monitoring
  - Automated threat detection
  - Security incident response procedures
  - Regular security assessments
- Compliance:
  - SOC 2 Type II certification
  - ISO 27001 compliance
  - GDPR compliance measures
  - Regular compliance audits
5. Data Retention and Deletion
We maintain specific data retention policies:
- Active Accounts:
  - Account data retained while account is active
  - Regular backup and recovery procedures
  - Automated data lifecycle management
- Inactive Accounts:
  - Account data archived after 12 months of inactivity
  - Archived data deleted after 24 months
  - Notification before permanent deletion
- Security Logs:
  - Authentication logs retained for 12 months
  - Security incident logs retained for 36 months
  - Compliance audit logs as required by law
6. Your Privacy Controls
We provide comprehensive privacy controls:
- Account Settings:
  - Privacy preference management
  - Authentication method selection
  - Communication preferences
  - Data sharing controls
- Application Management:
  - View and revoke application access
  - Manage permission scopes
  - Monitor application usage
  - Control token lifecycle
- Data Management:
  - Export personal data
  - Request data deletion
  - Update account information
  - Manage security settings
7. Data Sharing and Third Parties
We share information only in the following circumstances:
- Authorized Applications: When you explicitly grant access through OAuth2
- Service Providers: With trusted partners who help operate our infrastructure
- Legal Requirements: When required by law or to protect rights and safety
8. International Data Transfers
As a global network service provider, we may transfer data internationally. We ensure appropriate safeguards are in place through:
- Standard contractual clauses
- Data processing agreements
- Regional data storage options where required
- Compliance with international data protection regulations
9. Regional Privacy Compliance
9.1 Singapore - Personal Data Protection Act (PDPA)
For users in Singapore, we comply with the Personal Data Protection Act 2012 (PDPA). We are committed to:
- Consent: Obtaining your consent before collecting, using, or disclosing your personal data
- Purpose Limitation: Collecting personal data only for purposes that a reasonable person would consider appropriate
- Notification: Informing you of the purposes for which we collect, use, or disclose your personal data
- Access and Correction: Providing you with access to your personal data and allowing you to correct errors
- Accuracy: Making reasonable efforts to ensure your personal data is accurate and complete
- Protection: Making reasonable security arrangements to protect your personal data
- Retention Limitation: Ceasing to retain personal data when it is no longer needed for legal or business purposes
- Transfer Limitation: Ensuring overseas transfers of personal data are protected
9.2 Hong Kong - Personal Data (Privacy) Ordinance
For users in Hong Kong, we comply with the Personal Data (Privacy) Ordinance (PDPO). We ensure:
- Collection Purpose: Personal data is collected for lawful purposes directly related to our functions
- Data Accuracy: Personal data is accurate, up-to-date, and not kept longer than necessary
- Use and Disclosure: Personal data is used only for the purpose for which it was collected unless you consent otherwise
- Security: Practical security measures protect personal data from unauthorized access, processing, erasure, or use
- Transparency: We maintain transparent policies on personal data practices
- Access Rights: You can request access to and correction of your personal data
9.3 Data Protection Officer Contact
For privacy inquiries specific to Singapore or Hong Kong regulations:
- Email: dpo@netleap.org
- Subject Line: [PDPA/PDPO Inquiry]
10. Your Rights and Choices
You have the right to:
- Access and export your personal data
- Correct or update your information
- Delete your account and associated data
- Revoke application authorizations
- Opt out of non-essential data collection
- Withdraw consent for data processing (where applicable)
- File complaints with relevant data protection authorities
11. Contact Information
For privacy-related inquiries or to exercise your rights, please contact us at:
- Email: support@netleap.org
- Address: 22524 Sambar Loop, Anchorage, Alaska, United States