Privacy Policy

LoneSock ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Wenme Identity Platform ("Service"). Please read this privacy policy carefully.

1. Information We Collect

Personal Information

When you register for an account, we collect:

• Email address
• Name
• Username
• Profile information (optional): job title, company, location, bio
• Social media profiles (optional): LinkedIn, GitHub, Twitter

Authentication Data

For security, we store:

• WebAuthn/FIDO2 public keys (never private keys)
• TOTP secret keys (encrypted)
• Bcrypt-hashed backup codes
• Session tokens

Usage Data

We automatically collect:

• IP addresses
• Browser type and version
• Device information
• Access times and dates
• Pages viewed

2. How We Use Your Information

We use your information to:

• Provide and maintain our Service
• Authenticate your identity securely
• Send important service notifications
• Respond to your inquiries and support requests
• Detect and prevent fraud or unauthorized access
• Comply with legal obligations
• Improve our Service based on usage patterns

3. Data Sharing and Disclosure

We do NOT sell, trade, or rent your personal information. We may share your information only in these circumstances:

• With your consent: When you explicitly agree to sharing
• Service providers: Trusted third parties who assist in operating our Service
• Legal requirements: When required by law or to protect rights and safety
• Business transfers: In connection with merger, acquisition, or asset sale

4. Data Security

We implement industry-leading security measures:

• AES-256-GCM encryption for data at rest
• TLS 1.3 for data in transit
• Bcrypt hashing (cost factor 12) for sensitive data
• Hardware security modules for key management
• Regular security audits and penetration testing
• 24/7 security monitoring

5. Data Retention

We retain your personal information for as long as necessary to:

• Provide our Service to you
• Comply with legal obligations
• Resolve disputes
• Enforce our agreements

When you delete your account, we remove your personal information within 30 days, except where retention is required by law.

6. Your Rights (GDPR)

Under GDPR, you have the right to:

• Access: Request copies of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data
• Restriction: Request restriction of processing
• Portability: Request transfer of your data
• Object: Object to processing of your data
• Withdraw consent: Where processing is based on consent

7. California Privacy Rights (CCPA)

California residents have additional rights:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to say no to the sale of personal information
• Right to equal service and price

8. Cookies and Tracking

We use essential cookies for:

• Authentication and session management
• Security features
• User preferences

We do not use third-party tracking cookies or advertising cookies.

9. Children's Privacy

Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete it immediately.

10. International Data Transfers

Your information may be transferred to and maintained on servers located outside your country. We ensure appropriate safeguards are in place for international transfers in compliance with applicable laws.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Continued use of our Service after changes constitutes acceptance of the updated policy.

12. Contact Information

For privacy-related questions or to exercise your rights, contact us at: