Privacy Policy

1. Who We Are

WebQ9 Auth is the account and authentication system operated by WebQ9 ("we", "us", "our") for WebQ9 applications, including FlyerWall and other affiliated services. Our primary website is webq9.com.

2. Information We Collect

2.1 Account holders

When you create or use an account, we collect:

• Email address and display name (required for account creation).
• Profile information you provide, such as avatar and locale preference.
• Authentication metadata, including provider ID and sign-in timestamps.
• Service usage data required to support secure account access.
• Billing status where applicable; we may store payment provider customer IDs but never full card data.

2.2 Visitors (unauthenticated)

• Standard server logs (IP address, browser type, timestamps) collected by our hosting providers.
• Essential cookies required for authentication and language preference.

3. How We Use Your Information

• Provide the service: Create, maintain, and secure your account.
• Authentication: Verify identity when you sign in.
• Notifications: Send transactional account and security emails.
• Billing: Process related account payments where applicable.
• Safety: Prevent fraud, abuse, and unauthorized access.

We do not use your data for advertising, profiling, or automated decision-making.

4. Google Sign-In and Google User Data

WebQ9 Auth offers "Sign in with Google" as an authentication option, powered by Google OAuth 2.0 via Supabase Auth.

4.1 Data received from Google

When you choose Google sign-in, we receive:

• Email address for account identity and transactional communication.
• Name and profile picture for account profile setup.
• Google account ID (sub) to link your Google identity to your account.

We do not request access to Gmail, Google Drive, Google Calendar, or other Google services. We request only openid, email, and profile.

4.2 How we use Google user data

• To create and authenticate your WebQ9 account.
• To display your account name and avatar within supported applications.
• To send transactional notices related to account activity and security.

4.3 Storage and sharing

Google user data is stored in our Supabase database. We do not sell, rent, or share your Google user data with third parties, except service providers needed to operate the service (for example Supabase for authentication and data storage, and email providers for transactional delivery). Data received from Google APIs is not used to train AI/ML models, develop advertising products, or for any purpose beyond operating WebQ9 services for the signed-in user.

4.4 Revoking access

You can revoke WebQ9 Auth access at any time via Google Account Permissions. Revoking access does not automatically delete your account. To request deletion, contact privacy@webq9.com.

WebQ9 Auth use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including Limited Use requirements.

5. Third-Party Services

• Google (Sign-In / OAuth) - Privacy Policy
• Supabase (database and authentication) - Privacy Policy
• Vercel (hosting) - Privacy Policy
• Stripe (payments where applicable) - Privacy Policy
• Resend (email delivery) - Privacy Policy

6. Cookies

We use only essential cookies:

• Authentication cookies to keep you signed in.
• Language preference to store your selected locale.
• Service registration to confirm account linkage with supported apps.

We do not use advertising cookies, and we do not run third-party behavioral tracking.

7. Data Retention

• Account data is retained while your account is active.
• Service records are retained as required for legal, security, and operational compliance.
• For marketplace and auction services, transaction and bid records may be retained up to 6 years for legal compliance.
• Server logs are typically retained for up to 30 days unless required longer for incident investigation.

8. Your Rights (GDPR)

Under UK and EU GDPR, you may have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate data.
• Erase your data (subject to legal retention requirements).
• Restrict or object to certain processing.
• Data portability.
• Lodge a complaint with the UK ICO or your local data protection authority.

To exercise these rights, email privacy@webq9.com.

9. Data Security

We use industry-standard safeguards, including encrypted transport (TLS), secure credential handling, database protections, and controlled infrastructure access. No method of Internet transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy periodically. For material changes, we will provide notice through the service or by email where required.

11. Contact

For privacy inquiries, contact privacy@webq9.com.