Privacy Policy
Effective Date: January 1, 2025
Eastgate Software Engineering ("Company", "we", "us", or "our") operates Continue.Mobi ("Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.
By using the Service, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Information You Provide
| Data Type | Purpose | Required |
|---|---|---|
| Phone number | Account identification and OTP delivery | Yes |
| Full name | Profile display in connected applications | No |
| Email address | Alternative OTP delivery, account recovery | No |
1.2 Information Collected Automatically
| Data Type | Purpose | Retention |
|---|---|---|
| IP address | Security, rate limiting, fraud detection | 90 days (audit logs) |
| User-Agent string | Device identification, session security | 90 days (audit logs) |
| Device identifier | Multi-device management, auto-login | Up to 90 days |
| IP geolocation (country) | Fraud detection (country mismatch alerts) | Duration of device token |
| Login timestamps | Account activity tracking | Duration of account |
1.3 Information We Do NOT Collect
- We do not store your OTP codes in plaintext. All OTP codes are hashed before storage and automatically deleted after use or expiration.
- We do not track your browsing activity across other websites.
- We do not sell, rent, or trade your personal information to third parties for marketing purposes.
2. How We Use Your Information
We use the information we collect to:
- Provide authentication services: Send OTP codes, verify your identity, and manage your sessions.
- Protect security: Detect and prevent fraud, unauthorized access, and abuse of the Service through rate limiting, IP monitoring, and device tracking.
- Facilitate third-party login: Share your phone number and basic profile information with Client Applications you authorize via OAuth 2.0.
- Maintain and improve the Service: Monitor performance, fix issues, and improve functionality.
- Comply with legal obligations: Respond to lawful requests from government authorities.
3. Information Sharing and Disclosure
3.1 With Authorized Client Applications
When you authenticate with a third-party Client Application through our Service, we share the following information with that application:
- Your phone number
- Your full name (if provided)
- Your email address (if provided)
- Your account verification status
This sharing occurs only after you initiate the login flow with the Client Application. You can review your connected applications through the Service.
3.2 With Service Providers
We may share information with third-party service providers who assist us in operating the Service:
- SMS providers (e.g., AWS SNS, Twilio): Your phone number, for OTP delivery.
- Email providers: Your email address, for OTP delivery where applicable.
- Database hosting: All data stored in our database infrastructure.
3.3 For Legal Reasons
We may disclose your information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4. Data Retention
| Data | Retention Period |
|---|---|
| User account data | Until account deletion is requested |
| OTP codes (hashed) | Automatically deleted after use or after 10 minutes |
| Audit logs (IP, events) | 90 days (auto-deleted) |
| Device tokens | Up to 90 days from creation (auto-deleted) |
| OAuth access tokens | Until expiry or revocation |
| Session data | Until session expiry (default: 2 hours) |
5. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- OTP codes are hashed using bcrypt before storage.
- OAuth client secrets are hashed using bcrypt.
- All sessions use secure, HTTP-only cookies with SameSite protection.
- Rate limiting and progressive delays protect against brute-force attacks.
- Session fingerprinting detects potential session hijacking.
- Input sanitization prevents injection attacks.
- CSRF tokens protect against cross-site request forgery.
- Content Security Policy headers restrict script execution.
While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
6. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate personal information.
- Deletion: Request deletion of your personal information, subject to legal obligations.
- Portability: Request your data in a structured, machine-readable format.
- Objection: Object to the processing of your personal information in certain circumstances.
- Withdraw consent: Withdraw your consent to processing at any time, without affecting the lawfulness of prior processing.
To exercise these rights, please contact us using the information provided below.
7. Cookies and Similar Technologies
We use the following cookies:
| Cookie | Purpose | Type |
|---|---|---|
| Session cookie | Maintain your login session | Essential (HTTP-only) |
| Device identifier | Enable multi-device management and auto-login | Essential (HTTP-only) |
| CSRF token | Prevent cross-site request forgery | Essential (session) |
We do not use advertising or tracking cookies. All cookies used are essential for the operation of the Service.
8. Children's Privacy
The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly.
9. International Data Transfers
Your information may be processed and stored in countries other than your country of residence, including the Philippines and countries where our service providers operate (e.g., United States for AWS). By using the Service, you consent to the transfer of your information to these countries.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
11. Data Protection Officer
For privacy-related inquiries, you may contact our Data Protection Officer at:
- Email: privacy@continue.mobi
12. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
- Email: support@continue.mobi
- Website: https://continue.mobi