HYAUTHDashboard

Privacy Policy

Last updated: December 15, 2025

1. Overview

This Privacy Policy explains how HyAuth ("we", "our", or "the Service") collects, uses, and protects information when you use our authentication API service.

2. Information We Collect

For Developers (Dashboard Users)

When you sign in to the Developer Dashboard via Discord, we collect:

  • Discord user ID
  • Discord username
  • Discord avatar URL

We also store:

  • API keys you generate (with names you choose)
  • Dashboard session tokens (expire after 7 days)
  • Approved privileged scopes for your account

For End Users (Authenticating via Applications)

When you authenticate through a third-party application using HyAuth:

  • Credentials: Your Hytale email and password are transmitted through our servers to Hytale's authentication servers. This is required for the service to work. We do NOT store or log your password.
  • Session data: Temporarily stored in memory for up to 10 minutes, then automatically deleted.
  • Requested data: Based on the scopes the application requests (usernames, editions, email, UUIDs), this data is retrieved from Hytale through our servers and passed to the requesting application.

All data from Hytale passes through HyAuth's infrastructure. This is inherent to how the service operates and cannot be avoided.

3. How We Use Information

  • To authenticate developers and provide access to the Dashboard
  • To facilitate authentication between end users and third-party applications
  • To manage API keys and access permissions
  • To enforce our Terms of Service

4. Data Storage and Security

  • Developer data: Stored in a SQLite database
  • Authentication sessions: Stored in memory only, never persisted to disk
  • Passwords: Never stored - passed through to Hytale's servers and immediately discarded
  • Dashboard tokens: Automatically expire and are deleted after 7 days
  • Auth sessions: Automatically expire and are deleted after 10 minutes

5. Data Sharing

We share data only in the following circumstances:

  • With third-party applications: When you authenticate, the requested scope data (usernames, editions, etc.) is shared with the application you're authorizing. You are shown what data will be shared before you authenticate.
  • With Hytale: Your credentials are sent to Hytale's authentication servers to verify your account.

We do not sell, rent, or share your data with any other third parties.

6. Cookies

We use HTTP-only cookies to maintain your Developer Dashboard session. These cookies contain only a session token and cannot be accessed by JavaScript. No tracking or analytics cookies are used.

7. Your Rights

You have the right to:

  • Access: View your data in the Developer Dashboard
  • Delete: Delete your API keys at any time from the Dashboard
  • Logout: End your session and clear your authentication cookie

To request complete deletion of your developer account, please contact us via Discord.

8. Third-Party Applications

When you authenticate with a third-party application through HyAuth, that application receives the data you authorize. We are not responsible for how third-party applications use, store, or protect your data. Please review the privacy policy of any application before authenticating.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by updating the "Last updated" date at the top of this policy.

10. Contact

For questions about this Privacy Policy or to exercise your data rights, join our Discord server.