Privacy Policy
Last Updated: February 2026
AvahVerse (“we”, “our”, or “us”) operates the AvahVerse Console and related services at https://avahverse.com. This Privacy Policy describes how we collect, use, process, store, and protect user information, including information obtained through Google OAuth authentication.
AvahVerse is designed to minimize data collection. We collect only the information necessary to authenticate users, provide access to tenant-scoped services, and maintain platform security and auditability.
We do not collect personal information beyond what is required for authentication and operational security.
AvahVerse uses Google OAuth 2.0 (OpenID Connect / OIDC) solely for user authentication.
When users choose to sign in with Google, we request only standard OpenID Connect scopes:
- openid
- profile
This information is used strictly to verify user identity during authentication.
AvahVerse does not access:
- Gmail content
- Google Drive files
- Google Calendar data
- Google Workspace data
- Any restricted Google APIs
Google user data is used exclusively for authentication:
- To verify the user’s identity
- To establish a secure authenticated session
- To associate the session with an internal user identifier
We do not use Google user data for advertising, marketing, profiling, or analytics.
AvahVerse does not permanently store Google profile data. Google authentication tokens are processed securely during login, validated server-side, and are not retained beyond session requirements.
AvahVerse does not maintain copies of Google profile information such as name, profile photo, or Google account metadata.
Internal system identifiers may be generated for session management, but these do not store Google profile attributes.
AvahVerse does not sell user data, share Google user data with third parties, or transfer Google data for commercial purposes.
Google data is processed solely within AvahVerse’s secure infrastructure for authentication and access control.
AvahVerse implements enterprise-grade security controls, including:
- Role-Based Access Control (RBAC)
- Row-Level Security (RLS)
- Encrypted transport (HTTPS/TLS)
- Strict tenant isolation
- Audit logging for governance actions
Authentication workflows are designed to minimize exposure of user information.
Users may revoke Google access at any time via their Google Account permissions page. AvahVerse does not retain Google profile data after authentication, and no persistent Google account data is stored within the platform.
AvahVerse relies on trusted infrastructure providers to securely operate the platform. These providers do not receive access to Google user data beyond what is required for authentication processing.
For privacy-related inquiries, contact security@avahverse.com.
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated revision date.
In addition to authentication data described above, AvahVerse processes limited operational data necessary to provide tenant-scoped services. This may include:
- Internal user identifiers
- Organization membership associations
- Role assignments (RBAC)
- Audit logs of governance actions
- Security review decisions and approvals
- MFA verification timestamps
This data is processed solely for platform operation, access control, security, and auditability.
Where applicable, AvahVerse processes personal data under one or more of the following legal bases:
- Contractual necessity (to provide the service)
- Legitimate interest (platform security and integrity)
- Legal compliance obligations