Privacy Policy

Effective date: June 11, 2026

This Privacy Policy describes how PratikP Auth (“we”, “us”, “the service”), operated at auth.pratikp.com, collects and uses information when you sign in with Google to access authorized applications.

1. What this service does

PratikP Auth is a single sign-on (SSO) authentication service for a limited set of private business applications owned or operated by Pratik Pipalia. The service verifies your identity through Google and allows access only to users who have been explicitly authorized in advance.

2. Information we collect

When you choose Sign in with Google, we receive from Google only the information needed to identify you, including:

  • Email address
  • Display name
  • Google account ID (sub)
  • Profile picture URL (if provided by Google)

We request only the following Google OAuth scopes:

  • openid
  • email
  • profile

We do not access your Google password, Gmail, Drive, Calendar, or other Google account data.

3. Information we store

On our secure server we may store:

  • Your Google account ID, email, name, and profile picture URL
  • Login timestamps and active session records
  • Technical data related to your session (IP address, browser user-agent, expiry time)
  • Which authorized application you signed in to

Session data is stored in a private SQLite database on the server and is not publicly accessible.

4. How we use your information

We use this information solely to:

  • Authenticate you and confirm you are on the authorized user allowlist
  • Create and manage sign-in sessions for connected applications
  • Allow administrators to view and revoke active sessions for security
  • Match your Google email to your account on individual connected applications

We do not sell, rent, or trade your personal information.

5. Who can access the service

Access is restricted to a small, pre-approved list of users. If your Google account is not on the allowlist, sign-in will be denied even if Google authentication succeeds.

6. Connected applications

After successful sign-in, you may be redirected to a separate application (for example, a business tool on another subdomain). That application receives your email and a temporary authentication token so it can log you in locally. Each connected application is responsible for its own data handling beyond the SSO handoff.

7. Session duration

  • By default, sessions end when you close your browser.
  • If you select “Keep me signed in”, sessions may remain active for up to 30 days.
  • Administrators may revoke sessions at any time, which forces re-authentication on the next page load.

8. Data retention and deletion

Expired sessions and short-lived authentication codes are deleted automatically. User profile records may be retained while your account remains authorized. To request removal of your data or revocation of access, contact us using the email below.

9. Security

We use HTTPS for all communication, HTTP-only secure cookies where applicable, server-side session validation, and an email allowlist. Configuration secrets and database files are kept outside public web access where possible.

10. Third-party services

Google Sign-In is provided by Google LLC and is subject to Google’s Privacy Policy. We receive only the profile information described above from Google.

11. Changes to this policy

We may update this Privacy Policy from time to time. The effective date at the top of this page will be revised when changes are made.

12. Contact

For questions about this Privacy Policy or to request access removal, contact: drpipalia@gmail.com


© 2026 PratikP Auth.