Introduction
Blu Digital Group ("we," "us," or "our") operates BluAuth, a centralized identity broker that provides authentication and identity services for connected applications within the Blu ecosystem. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use BluAuth.
By using BluAuth, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the service.
Information We Collect
Account Information
When you sign in through BluAuth, we collect information provided by your identity provider (such as Google or GitHub), which may include:
- Your name and email address
- Profile picture URL
- Unique account identifiers from your identity provider
Authentication Data
We collect data necessary to authenticate you and maintain your session:
- Session tokens and their expiration timestamps
- Login and logout timestamps
- OAuth tokens issued by identity providers (encrypted at rest)
Technical Data
We automatically collect certain technical information when you interact with BluAuth:
- IP address
- Browser type and version
- Device type and operating system
- Referring URL
How We Use Your Information
We use the information we collect to:
- Authenticate you — verify your identity and provide secure access to connected applications within the Blu ecosystem.
- Maintain your session — keep you signed in across connected applications and manage session lifecycle.
- Secure your account — detect unauthorized access, prevent abuse, and protect the integrity of the service.
- Monitor service reliability — track errors and performance issues through Sentry to ensure the service operates correctly.
- Comply with legal obligations — respond to lawful requests from authorities when required.
Information Sharing
We do not sell your personal information. We share information only in these circumstances:
- Connected applications — when you authorize access, we share identity claims (such as your name, email, and account identifier) with applications in the Blu ecosystem that you sign in to.
- Identity providers — we exchange only the data necessary to complete authentication with your chosen identity provider (Google, GitHub, etc.).
- Sentry — error and performance data (which may include technical data such as IP address and browser information) is sent to Sentry for service reliability monitoring. Sentry's privacy practices are governed by Sentry's own privacy policy.
- Legal requirements — we may disclose information if required by law, regulation, or valid legal process.
Data Storage and Security
Your data is stored on infrastructure hosted by Amazon Web Services (AWS). We employ industry-standard security measures to protect your information:
- Provider secrets and OAuth tokens are encrypted using AWS Key Management Service (KMS).
- Session data is stored in encrypted, short-lived tokens.
- Database connections are encrypted in transit.
- Access to production systems is restricted to authorized personnel.
Data Retention
- Account data is retained for as long as your account is active. If you request account deletion, your data will be permanently removed.
- Session data expires automatically based on configured session lifetimes and is purged after expiration.
- Technical logs are retained for a limited period for security and debugging purposes, then automatically deleted.
Your Rights
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete information.
- Delete your account and associated personal data.
- Export your data in a portable format.
- Withdraw consent for data processing, where consent is the legal basis for processing.
To exercise any of these rights, contact us using the information provided below.
Children's Privacy
BluAuth is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. Continued use of BluAuth after changes are posted constitutes acceptance of the revised policy.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact Blu Digital Group at:
Email: privacy@bludigitalgroup.com