Skip to content

Privacy Policy

Last updated: February 18, 2026

1. Introduction

Ghowraith, Inc. ("Ghowraith," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our FIDO2 security key lifecycle management platform and website (collectively, the "Service").

2. Information We Collect

Information you provide:

  • Account information (name, email, organization)
  • Contact form submissions
  • Security key inventory data you upload or enter
  • User directory information synced from your identity provider
  • Support requests and communications

Information collected automatically:

  • Device and browser information
  • IP address and approximate location
  • Usage data (pages visited, features used, timestamps)
  • Authentication event logs (success/failure, key type, protocol used)

3. How We Use Your Information

  • Provide, maintain, and improve the Service
  • Process security key lifecycle events (provisioning, assignment, revocation)
  • Generate analytics and compliance reports for your organization
  • Send transactional communications (alerts, notifications, support responses)
  • Detect and prevent security incidents
  • Comply with legal obligations

4. Data Sharing

We do not sell your personal information. We may share data with:

  • Service providers — hosting, analytics, and support tools that help us operate the Service
  • Your organization — administrators in your account can access usage and inventory data
  • Legal requirements — when required by law, subpoena, or to protect our rights

5. Data Security

We implement industry-standard security measures including encryption in transit (TLS 1.3) and at rest (AES-256), role-based access controls, audit logging, and regular security assessments. Security key credential data is handled in accordance with FIDO Alliance specifications.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Authentication logs are retained for the period configured by your organization (default: 12 months). You may request deletion of your data at any time.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access, correct, or delete your personal information
  • Export your data in a portable format
  • Opt out of non-essential communications
  • Restrict or object to certain processing

8. Cookies

We use essential cookies to operate the Service (session management, authentication). We use analytics cookies only with your consent to understand how the Service is used. You can manage cookie preferences in your browser settings.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.

10. Contact

If you have questions about this Privacy Policy, contact us at privacy@ghowraith.com.