← Back to Home

Privacy Policy

Last Updated: June 29, 2025

1. Introduction

Welcome to Aham, the cross-domain authentication system for the brah.ma ecosystem. This Privacy Policy explains our practices regarding the collection, use, and disclosure of personal information when you use our authentication services across our ecosystem.

By using our authentication services, you agree to the collection and use of information in accordance with this policy. We will not use or share your information with anyone except as described in this Privacy Policy.

2. Information Collection and Use

To provide our authentication services, we collect several different types of information for various purposes:

2.1 Information You Provide

  • Account Information: When you register, we collect information such as your name, email address, and password (securely hashed).
  • Profile Information: Additional profile information you choose to provide, such as profile pictures or display names.
  • Communication Data: Information you provide when contacting us for support.

2.2 Authentication Providers

When you choose to authenticate using third-party services, we may receive information from these providers:

  • Google: Email, name, profile picture, and Google ID
  • Facebook: Email, name, profile picture, and Facebook ID
  • LinkedIn: Email, name, profile picture, and LinkedIn ID
  • Apple: Email, name, and Apple ID
  • Pinterest: Email, name, profile picture, and Pinterest ID
  • GitHub: Email, name, profile picture, and GitHub ID
  • WhatsApp: Phone number and verification tokens
  • Mobile Authentication: Phone number and verification data
  • Web3/Crypto Wallets: Public wallet addresses and signed messages

2.3 Automatically Collected Information

  • Usage Data: Information on how you access and use our services
  • Device Information: Device type, operating system, browser type
  • IP Address: For security and fraud prevention
  • Cookies and Similar Technologies: Used for session management and security

3. Use of Data

We use the collected data for various purposes:

  • To provide and maintain our authentication services
  • To notify you about changes to our service
  • To provide customer support
  • To detect, prevent, and address technical issues
  • To protect against fraudulent or unauthorized activity
  • To enable cross-domain authentication within our ecosystem
  • To enable the karma point system

4. Data Storage and Security

Your information is securely stored using industry-standard encryption and security practices:

  • Passwords are securely hashed and never stored in plain text
  • JWT (JSON Web Tokens) are used for secure session management
  • We implement security measures like rate limiting and fraud detection
  • Access to personal data is strictly limited and monitored
  • We regularly review our security practices and update them as needed

5. Data Sharing

We may share your personal information with:

  • Services within our ecosystem: To facilitate cross-domain authentication across *.brah.ma domains
  • Service Providers: Third-party companies that assist in operating our services
  • Legal Requirements: When required by law, court order, or governmental regulations
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: In other cases with your explicit consent

6. Third-Party Authentication Services

Our service allows you to authenticate using various third-party providers. When you choose this option:

  • We receive basic profile information as described in section 2.2
  • We do not receive your password for these services
  • The use of third-party authentication is subject to their respective privacy policies
  • We recommend reviewing the privacy policies of these providers:

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our service and store certain information:

  • Session Cookies: Used to maintain your authentication state
  • Security Cookies: Used to prevent fraud and unauthorized access
  • Preference Cookies: Used to remember your preferences

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.

8. Web3 and Cryptocurrency Wallets

When you connect a cryptocurrency wallet to our service:

  • We collect your public wallet address
  • We verify your ownership through cryptographic signatures
  • We do not have access to your private keys or assets
  • Transaction data may be recorded on public blockchains

9. Email and Mobile Communications

We may use your email address or phone number to:

  • Send magic links for passwordless authentication
  • Verify your email address or phone number
  • Send security alerts and notifications
  • Communicate important changes to our services
  • Deliver account-related notifications

You can opt out of non-essential communications by following the unsubscribe instructions included in our emails.

10. Children's Privacy

Our service is not directed to anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us.

11. Your Data Rights

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request copies of your personal data
  • Rectification: Request correction of inaccurate information
  • Erasure: Request deletion of your personal data
  • Restriction: Request limitation of processing of your data
  • Portability: Request transfer of your data to another organization
  • Objection: Object to processing of your personal data

To exercise these rights, please contact us using the details provided in Section 14.

12. Data Retention

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date at the top. You are advised to review this Privacy Policy periodically for any changes.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us:

© 2025 Brah.ma. All rights reserved.