HYAUTHDashboard

Privacy Policy

Last updated: May 25, 2026

1. Overview

This Privacy Policy explains how HyAuth ("we", "our", or "the Service") collects, uses, and protects information when you use our authentication API service.

2. Information We Collect

For Developers (Dashboard Users)

When you sign in to the Developer Dashboard, authentication is handled by our identity provider (Clerk). We store:

  • Your account identifier, username or email, and avatar URL as provided by the sign-in provider
  • API keys you generate (with names you choose)
  • Which privileged scopes your account is approved for

For End Users (Authenticating via Applications)

When you authenticate through an application that uses HyAuth, we use Hytale's OAuth 2.0 device authorization flow. You sign in on Hytale's own login page, so HyAuth never receives or handles your Hytale password.

  • Session data: The temporary authorization session (device codes and the access token issued by Hytale) is stored only until the session completes or expires, typically within 10 minutes, then deleted automatically.
  • Requested data: Based on the scopes the application requests (game profiles and/or email), this data is retrieved from Hytale with your authorization and passed to the requesting application.

3. How We Use Information

  • To authenticate developers and provide access to the Dashboard
  • To facilitate authentication between end users and third-party applications
  • To manage API keys and access permissions
  • To enforce our Terms of Service

4. Data Storage and Security

  • Developer data: Stored in our managed database (Convex)
  • Authentication sessions: Stored only for the lifetime of the flow and purged automatically once they expire
  • Passwords: Never received by HyAuth; you enter them only on Hytale's own login page
  • API keys: Generated with 256 bits of entropy, shown only to you, and revocable at any time from the Dashboard

5. Data Sharing

We share data only in the following circumstances:

  • With third-party applications: When you authenticate, the requested scope data (game profiles and/or email) is shared with the application you're authorizing. You are shown what data will be shared before you authenticate.
  • With Hytale: The OAuth flow runs against Hytale's own authentication servers, where you sign in directly.

We do not sell, rent, or share your data with any other third parties.

6. Cookies

We use HTTP-only cookies, managed by our identity provider, to maintain your Developer Dashboard session, and a cookie to remember your language preference. We use privacy-friendly analytics (Vercel Analytics) that do not rely on cookies. No advertising or cross-site tracking cookies are used.

7. Your Rights

You have the right to:

  • Access: View your data in the Developer Dashboard
  • Delete: Delete your API keys at any time from the Dashboard
  • Sign out: End your Dashboard session at any time

To request complete deletion of your developer account, please contact us via Discord.

8. Third-Party Applications

When you authenticate with a third-party application through HyAuth, that application receives the data you authorize. We are not responsible for how third-party applications use, store, or protect your data. Please review the privacy policy of any application before authenticating.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by updating the "Last updated" date at the top of this policy.

10. Contact

For questions about this Privacy Policy or to exercise your data rights, join our Discord server.