AntsPrivacy Policy
Last updated: 22 June 2026 · Effective: 22 June 2026
This Privacy Policy (“Policy”) explains how Ants (“Ants”, “we”, “us”, or “our”) collects, uses, discloses, and safeguards personal data when you access or use our authentication and user-management platform, including the dashboard, APIs, SDKs, documentation, and related websites and services (collectively, the “Service”). It also describes the rights and choices available to you regarding your personal data.
The Service involves two distinct audiences, and this Policy addresses both:
- Developers— individuals or organizations that hold an Ants account and integrate the Service into their own applications; and
- End users— individuals who authenticate through applications built by Developers on the Ants platform.
Please read this Policy together with our Terms of Service and our Cookie Policy.
1. Who is responsible for your data (controller / processor)
Data-protection law distinguishes between a controller (who decides why and how personal data is processed) and a processor(who processes data on the controller’s instructions). Ants’ role depends on the data in question:
- For Developer account data, Ants is the controller. This Policy is our notice to you for that data.
- For End-user data processed through a Developer’s application, Ants acts as a processor on behalf of the Developer, who is the controller. The Developer is responsible for establishing a lawful basis, providing privacy notices, and handling rights requests for its end users. End users should direct privacy requests to the Developer operating the application they use.
Where Ants acts as a processor, our processing is governed by the agreement (including any Data Processing Addendum) between Ants and the relevant Developer.
2. Personal data we collect
2.1 Data you provide directly (Developers)
- Account and profile data: name, email address, and a securely hashed password. If you sign in with Google, we receive your Google account identifier, email address, name, and profile picture.
- Organization and configuration data: organization or project names, environments, team members, roles and permissions, application settings (such as redirect URLs and allowed origins), and API keys you generate.
- Support and communications: the contents of messages you send us and any information you choose to include.
- Billing data (paid plans, if any): billing contact details and transaction records. Card details are handled by our payment processor; we do not store full card numbers.
2.2 End-user data (processed on behalf of Developers)
- identifiers, email address, name, and avatar of the Developer’s end users;
- authentication events, session records, and role/permission assignments; and
- any additional attributes the Developer chooses to store via the Service.
2.3 Data collected automatically
- Technical and device data: IP address, browser and device type, user agent, and operating system.
- Usage and log data: timestamps, requests made, features used, and diagnostic data.
- Security and audit data: sign-in attempts, audit trails, and abuse- and fraud-detection signals needed to operate and protect the Service.
- Cookies and similar technologies: as described in our Cookie Policy.
We do not intentionally collect special categories of personal data (such as health, biometric, or political data) and ask that you do not submit such data through the Service.
3. How we use personal data
We use personal data to:
- provide, operate, and maintain authentication, session management, and account features;
- create, secure, and administer Developer accounts and organizations;
- secure the Service, prevent and detect fraud and abuse, and maintain audit trails;
- provide customer support and respond to your requests;
- send service-related and administrative communications;
- monitor, analyze, and improve the Service and develop new features;
- process payments and manage billing (where applicable); and
- comply with legal obligations and enforce our Terms.
4. Legal bases for processing (EEA / UK)
If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR and UK GDPR when we act as a controller:
| Purpose | Legal basis |
|---|---|
| Providing and administering your account and the Service | Performance of a contract (Art. 6(1)(b)) |
| Security, fraud prevention, audit logging, and improving the Service | Legitimate interests (Art. 6(1)(f)) |
| Service and administrative communications | Performance of a contract / legitimate interests |
| Complying with legal obligations (e.g., tax, security) | Legal obligation (Art. 6(1)(c)) |
| Optional communications where required by law | Consent (Art. 6(1)(a)), which you may withdraw at any time |
5. Sign in with Google
When you choose “Continue with Google”, Google shares the basic profile information described in Section 2 so we can create or link your Ants account. We request only the openid, email, and profilescopes. We do not post to your Google account or access any other Google data. Ants’ use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Your use of Google sign-in is also subject to Google’s Privacy Policy.
6. How we share personal data
We do not sell personal data, and we do not share personal data for cross-context behavioral advertising. We disclose personal data only as described below:
- Sub-processors and service providers that help us run the Service (for example, hosting, database, email delivery, and payment processing), under contracts that require appropriate confidentiality and security safeguards.
- With the relevant Developer, where we act as a processor for end-user data.
- Legal and safety: when required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Ants, our users, or others.
- Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
7. International data transfers
We may process and store personal data in countries other than the one in which you reside. Where we transfer personal data out of the EEA, the UK, or Switzerland to a country without an adequacy decision, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK Addendum where applicable), together with supplementary measures as needed.
8. Data retention
We retain personal data for as long as your account is active or as needed to provide the Service, and thereafter only as necessary to comply with legal obligations, resolve disputes, prevent fraud and abuse, and enforce our agreements. When personal data is no longer required, we delete or anonymize it. Security and audit logs are retained for a limited period appropriate to their purpose. For end-user data processed on a Developer’s behalf, retention is governed by the Developer’s instructions and configuration.
9. Security
We maintain technical and organizational measures designed to protect personal data, including encryption in transit and at rest, password hashing, scoped API keys, least-privilege access controls, secure session cookies, and monitoring and audit logging. No method of transmission or storage is completely secure; while we work to protect your information, we cannot guarantee absolute security. If we become aware of a personal data breach that affects you, we will notify you and the relevant authorities as required by applicable law.
10. Your privacy rights
10.1 EEA / UK (GDPR)
Subject to applicable law, you have the right to access, rectify, erase, restrict, or object to processing of your personal data; the right to data portability; and the right to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with your local supervisory authority.
10.2 California (CCPA/CPRA)
If you are a California resident, you may have the right to know and access the personal information we collect, to request deletion or correction, and to opt out of the “sale” or “sharing” of personal information. We do not sell or share personal information as those terms are defined under the CPRA. You have the right not to receive discriminatory treatment for exercising your rights.
10.3 How to exercise your rights
To exercise these rights, contact us using the details in Section 14. We will verify your request and respond within the timeframes required by applicable law. You may use an authorized agent where permitted. End usersof a Developer’s application should direct requests to that Developer, who is the controller of their data; we will assist the Developer as their processor.
11. Children’s privacy
The Service is not directed to children, and we do not knowingly collect personal data from children under the age required by applicable law (for example, 16 in the EEA or 13 in the United States) without appropriate consent. If you believe a child has provided us personal data, please contact us and we will take appropriate steps to delete it.
12. Cookies and similar technologies
We use strictly necessary cookies to keep you signed in and to secure the Service. We do not use advertising or third-party tracking cookies. For full details, see our Cookie Policy.
13. Changes to this Policy
We may update this Policy from time to time. When we make material changes, we will revise the “Last updated” date above and, where appropriate, provide additional notice through the Service or by email. Your continued use of the Service after the changes take effect constitutes acceptance of the updated Policy.
14. Contact us
For privacy questions, requests, or to exercise your rights, contact us at adventnurutech@gmail.com. If we are unable to resolve your concern, you may have the right to contact your local data-protection authority.