PersonID

Privacy Policy

Last updated: June 3, 2026

1. Information We Collect

When you create a PersonID account, we collect the following information:

  • Account Information: Display name, email address, and hashed password (if using email/password sign-in).
  • OAuth Profile Data: When signing in via Google or other providers, we receive your name, email address, and profile picture from that provider.
  • Usage Data: IP addresses, browser type, device information, and timestamps of authentication events for security and audit purposes.

2. How We Use Your Information

We use your information solely for the following purposes:

  • Authenticating your identity across PEI ecosystem applications (SkillShop, Bookora, Novium, Academy, and others).
  • Maintaining your account and providing single sign-on (SSO) functionality.
  • Security monitoring, fraud prevention, and audit logging.
  • Communicating essential account-related information (password resets, email verification, security notices).

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Data Storage and Security

Your data is stored on Cloudflare's global infrastructure (D1, KV, R2) with encryption at rest and in transit. Passwords are hashed using PBKDF2-SHA512. We use industry-standard security practices including:

  • TLS 1.3 for all data in transit
  • JWT RS256 for session tokens
  • Rate limiting on authentication endpoints
  • Audit logging of all authentication events

4. Data Retention

We retain your account information for as long as your account is active. When you delete your account, associated data is permanently removed within 30 days. Audit logs may be retained for up to 90 days for security purposes.

5. Your Rights

You have the right to:

  • Access and view your personal data
  • Update or correct your account information
  • Disconnect linked identity providers
  • Delete your account and associated data
  • Request a copy of your data

6. Third-Party Services

PersonID integrates with third-party identity providers (Google, GitHub, Microsoft, Apple). When you sign in through these providers, their respective privacy policies apply to the data they process. We only receive the information you authorize them to share.

7. Cookies

We use essential cookies for authentication and security:

  • Session cookies: To maintain your authenticated session across applications (SSO).
  • CSRF tokens: To protect against cross-site request forgery attacks.
  • OAuth state cookies: To prevent authorization code interception during OAuth flows.

We do not use tracking cookies or analytics cookies.

8. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Email: privacy@personid.work
Data Protection Officer: dpo@personid.work