Privacy Policy

Last updated: February 1, 2026

At Zalt.io, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our authentication services.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Password (stored as a secure hash using Argon2id)
  • Name (optional)
  • Profile information you choose to provide

Authentication Data

To provide secure authentication, we collect:

  • Device fingerprints for session security
  • IP addresses for security monitoring
  • Login timestamps and session information
  • MFA device registrations (WebAuthn credentials, TOTP secrets)

Usage Data

We automatically collect certain information about your use of our services:

  • Browser type and version
  • Operating system
  • Pages visited and features used
  • Time and date of access

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our authentication services
  • Detect and prevent fraud, abuse, and security threats
  • Improve and personalize your experience
  • Communicate with you about service updates
  • Comply with legal obligations
  • Enforce our terms of service

3. Data Sharing

We do not sell your personal information. We may share your information with:

  • Service Providers: AWS for infrastructure, email delivery services
  • Your Organization: If you use Zalt through an organization, administrators may access certain account information
  • Legal Requirements: When required by law or to protect our rights

4. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Audit logs are retained for compliance purposes (typically 7 years for HIPAA-covered entities).

You can request deletion of your account and associated data at any time, subject to legal retention requirements.

5. Your Rights

Depending on your location, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data
  • Export your data in a portable format
  • Object to certain processing
  • Withdraw consent

To exercise these rights, contact us at privacy@zalt.io.

6. Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Argon2id password hashing with high memory cost
  • Multi-factor authentication options
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance

7. Contact Us

If you have questions about this Privacy Policy, please contact us: