Privacy Policy

Last updated: 2026

This Privacy Policy explains how Cortlet collects, uses, and protects your information when you use our website, authentication system, developer tools, and related services. By using Cortlet, you agree to the practices described here.

1. Information We Collect

We collect information in three categories:

  • Information you provide directly through OAuth
  • Information collected automatically through analytics
  • Security and operational data collected through logging systems

OAuth Login Information

When signing in with Google or GitHub, we collect:

  • Your name (if provided)
  • Email address
  • Profile image
  • OAuth provider ID
  • Login timestamps (success & failure)

Analytics Information

Cortlet uses Vercel Analytics to collect anonymized usage information:

  • Approximate location (country, region)
  • Device type & browser
  • Page views & session duration
  • Performance metrics (LCP, TTFB, etc.)

AWS CloudWatch Logs

For security and operational integrity, Cortlet uses AWS CloudWatch to log:

  • IP address
  • Request paths & timestamps
  • Login success/failure
  • Error diagnostics
  • API request metadata

These logs help detect abusive activity, unusual authentication behavior, and system errors.

Bot Detection & Security Signals

To protect Cortlet from automated abuse, we perform limited, anonymous security checks:

  • pointer movement patterns
  • interaction timing
  • touch/pressure signals (when supported)
  • challenge–response verification
  • temporary session-only signals

These signals are processed in real time, not stored, not used for tracking, and cannot identify users.

Cookies & Tracking

Cortlet does not use tracking or advertising cookies. Temporary operational signals do not identify users and expire at session end.

2. How We Use Your Data

  • Authenticate users via OAuth
  • Secure accounts
  • Improve performance and reliability
  • Monitor usage trends
  • Audit login behavior
  • Meet legal requirements

3. How We Share Information

Cortlet does not sell your data. We share limited information with:

  • Firebase (authentication)
  • Vercel Analytics (anonymous traffic metrics)
  • AWS CloudWatch (security logs)

4. Data Retention & Deletion

When you delete your Cortlet account, we remove:

  • OAuth identity
  • Login history
  • User metadata

CloudWatch logs may remain for up to 90–365 days for security auditing.

5. Your Rights

Depending on your region, you may request:

  • Access to your data
  • Correction of inaccurate data
  • Deletion
  • Restriction of processing
  • GDPR export

6. Contact Us

For privacy-related questions, email:
support@cortlet.com

© 2026 Cortlet — Privacy Policy