    Security Overview

    Last updated: February 2, 2026

    OAuth authentication

    Privly uses OAuth with supported platforms. Users authenticate on the platform’s domain. Privly does not store your platform passwords.

    Token handling

    • Tokens are stored server-side (not in the browser).
    • Tokens are encrypted at rest where supported by the deployment.
    • Tokens can be revoked by disconnecting the integration or removing the app in the platform settings.

    Secrets

    Application secrets (encryption keys, API keys, OAuth client secrets) are stored in secure environment variables on the server. They are never embedded into the client bundle.

    Access controls

    Privly is designed with least-privilege access. Only authenticated users can access their workspace data. Team roles may be added in future releases.

    Logging & monitoring

    We may collect operational logs and metrics to maintain reliability, diagnose issues, and detect abuse. These logs are restricted and retained for limited periods.

    Reporting security issues

    Please report suspected vulnerabilities to [email protected].