Privacy Policy

Last updated: February 16, 2026

This Privacy Policy explains how Azirid ("we", "us", or "our") collects, uses, and protects information when you use the Azirid identity platform, APIs, dashboard, and related services (the "Service").

1. Information We Collect

1.1 Account Information

When you register we collect your name, email address, and organization name. If you subscribe to a paid plan we also collect billing details through our payment processor.

1.2 Customer Data

As an identity platform, we process data you and your end-users submit, including user profiles, authentication events, roles, permissions, and tenant configurations. You control what data is sent to the Service through your integration.

1.3 Usage & Log Data

We automatically collect request logs, IP addresses, browser/device information, and API usage metrics. This data is used for security monitoring, debugging, and service improvement.

1.4 Cookies

The Azirid dashboard uses strictly necessary cookies for session management and authentication. We do not use advertising or third-party tracking cookies.

2. How We Use Your Information

Provide, operate, and maintain the Service.
Authenticate users and enforce access control policies.
Monitor for security threats and prevent abuse.
Generate anonymized, aggregate analytics to improve the Service.
Communicate with you about your account, updates, and support.
Comply with legal obligations.

3. Multi-Tenant Data Isolation

Customer Data is logically isolated per tenant. We enforce strict access controls so that one tenant's data is never accessible to another tenant. Our architecture is designed to prevent cross-tenant data leakage at the API, storage, and application layers.

4. Data Sharing

We do not sell your personal information. We may share data with:

Infrastructure providers — hosting, database, and CDN services that process data on our behalf under strict data processing agreements.
Payment processors — to handle billing for paid plans.
Law enforcement — only when required by a valid legal process (e.g., court order or subpoena).

5. Data Security

We implement technical and organizational measures to protect your data, including:

Encryption in transit (TLS 1.2+) and at rest (AES-256).
Regular penetration testing and vulnerability assessments.
Role-based access control for internal systems.
Immutable audit logs for all administrative actions.
Automated secret rotation and key management.

6. Data Retention

We retain your Customer Data for as long as your account is active. After account termination, data is deleted within 30 days unless retention is required by law. Audit logs may be retained for up to 12 months for security and compliance purposes.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you.
Request correction of inaccurate data.
Request deletion of your data.
Export your data in a portable format.
Object to or restrict certain processing activities.

To exercise any of these rights, contact us at [email protected].

8. International Data Transfers

Your data may be processed in jurisdictions outside your country of residence. We ensure appropriate safeguards (e.g., standard contractual clauses) are in place for any international data transfers.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-dashboard notice at least 30 days in advance. The "Last updated" date at the top reflects the most recent revision.

11. Contact

Questions or concerns about this Privacy Policy? Reach us at [email protected].