Privacy Policy

Information We Process

When a user authorizes access through Google or GitHub, SZLK API receives OAuth profile information and access tokens from the provider so the connected product can perform the action the user requested.

• Basic profile information such as account identifier and email address.
• OAuth access tokens and refresh tokens, when provided by the upstream provider.
• Connection metadata such as provider, granted scopes, connection status, project identifier, delegated subject identifier, and timestamps.
• API request logs needed for security, troubleshooting, auditing, quota enforcement, and service reliability.

How We Use Information

We use OAuth information only to authenticate the user, connect the user-authorized account, and call the provider APIs needed by the product that initiated the authorization.

• Google login uses OpenID Connect profile and email information.
• Google Search Console access uses the read-only Search Console scope to list verified sites and query Search Analytics data.
• GitHub access uses authorized GitHub scopes to read repositories, commits, pull requests, and workflow runs requested by the connected product.

Token Storage and Security

OAuth credentials are encrypted before being stored. Access is scoped by Cloudapi project, project key, delegated subject, and connection identifier. We do not sell OAuth data or use it for advertising.

Sharing

We share data only with the product that initiated the user authorization and with the upstream provider APIs required to complete the requested action. We may disclose information when required by law or to protect the service from abuse.

Retention and Revocation

Connection records are retained while the connected product needs the integration. Users may revoke access through the connected product, through their Google or GitHub account security settings, or by contacting us.

Contact

For privacy questions or OAuth access removal requests, contact SZLK at privacy@szlk.ai.