Privacy Policy for Sesame Auth

Last updated: 20th August 2024

Aipomage Green ("we", "us", or "our") operates the Sesame Auth mobile application (the "Service"). This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

1. Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected:

a. Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). This includes:

Email address
Images
Typing Behaviour

It's important to note that email addresses and images are stored locally on your device and are never transmitted to our servers.

b. Usage Data

We may also collect information that your device sends whenever you use our Service ("Usage Data"). This Usage Data may include information such as your device's Internet Protocol address (e.g., IP address), device type, operating system version, the time and date of your use of the Service, and other diagnostic data.

2. Passwordless Authentication Process

Our app uses a combination of asymmetric cryptography, steganography, and behavioral & physiological biometrics for authentication, eliminating the need for traditional passwords. Here's how it works:

Account Creation: You create an account on a service that has implemented our system using only your email and any other data required by that service.
App Registration: You install our app and create an account for that service within the app. During this process:
- Your typing pattern is captured for account recovery purposes.
- You upload an image, which is embedded with a public key unique to your account and an ID representing your captured typing pattern.
- The typing pattern capture is performed by an external API.
- All communication between the app and any server is encrypted using public key encryption.
Login Process: When logging in to a service:
- You enter your email address on the service's website.
- You receive a notification on our app to verify the login.
- You provide an OTP generated by the app to complete the login.

3. Use of Data

We use the collected data for various purposes:

To provide and maintain the Service.
To notify you about changes to our Service.
To allow you to participate in interactive features of our Service when you choose to do so.
To provide customer support.
To gather analysis or valuable information so that we can improve the Service.
To detect, prevent, and address technical issues.
To monitor the usage of the Service.
To ensure the security of our Service.

4. Third-Party Services and APIs

Our app integrates with the following third-party services:

Typing Pattern Capture API: This API captures your typing pattern and provides a unique ID representing your typing pattern.
Services that have implemented our passwordless authentication system, which need to be informed of their users who install the app

5. Data Retention and Deletion

We do not retain any of your personal data on our servers. All data is codified in public keys and unique IDs. In the event of a security breach of our system, we do not hold any plaintext data of our app users.

6. Transfer of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

7. Disclosure of Data

We may disclose your Personal Data in the good faith belief that such action is necessary to:

To comply with a legal obligation.
To protect and defend the rights or property of our Aipomage Green
To prevent or investigate possible wrongdoing in connection with the Service.
To protect the personal safety of users of the Service or the public.
To protect against legal liability.

8. Security of Data

The security of your data is important to us. We use commercially acceptable means to protect your Personal Data, including:

Local storage of sensitive information on your device
Public key encryption for all communication between the app and servers
Use of asymmetric cryptography and steganography for data protection

However, please be aware that no method of transmission over the internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

9. Your Rights

You have the right to:

Access, update, or delete the information we have about you.
Have any errors in your information rectified.
Object to the processing of your data.
Request that we delete your data.
Restrict the processing of your data.
Request that we transfer a copy of your data to another organization.
Withdraw your consent at any time.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this Privacy Policy.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us:

By email: dev@aipomage.com