Effective May 28, 2026

Privacy Policy

How MRBD collects, uses, and protects personal data — both for developers using the platform and for end users who sign in through MRBD managed authentication.

This Privacy Policy explains how MRBD ("MRBD", "we") handles personal data. It covers two groups of people: (1) developers who use the MRBD developer platform, and (2) end users who sign in to a developer's application through MRBD managed authentication.

For developer account data, MRBD is the controller. For end-user data processed through managed authentication, MRBD acts as a processor on behalf of the developer (the controller); see our Data Processing Addendum for those terms.

1. Developer data we collect

  • Account data: your email address and authentication metadata when you sign in to the developer portal.
  • Application data: the application identifiers, display names, publisher details, allowed origins, and legal configuration you provide.
  • Usage and security data: IP address, user agent, timestamps, and audit records of actions you take in the portal and the broker.

2. End-user data processed through managed authentication

When an end user signs in to a developer's application through MRBD, we process the following on the developer's behalf to operate the sign-in flow:

  • Email address submitted during pairing and used to deliver a one-time passcode.
  • Authentication metadata: a Supabase user identifier, device pairing codes (stored only as hashes), session tokens, and the status of each sign-in request.
  • Security context: IP address, user agent, and request origin, used for rate limiting, abuse prevention, and the audit trail.

We do not use end-user data for our own advertising or profiling. We process it to provide authentication to the developer and to keep the service secure.

3. How we use data

  • To operate, maintain, and secure the Platform and its authentication flows.
  • To prevent abuse, fraud, and unauthorized access, including rate limiting and audit logging.
  • To communicate with developers about their account, security, and service changes.
  • To comply with legal obligations and enforce our terms.

4. How we share data

We share data with infrastructure subprocessors that help us run the Platform (for example, our managed database and authentication provider and email delivery), under contracts that require appropriate protection. We do not sell personal data. We may disclose data when required by law or to protect rights and safety.

5. Retention and security

We keep personal data for as long as needed to provide the Platform and meet legal, security, and audit obligations, then delete or anonymize it. In-flight pairing requests expire and are consumed; device secrets and pairing codes are stored only as hashes. We use technical and organizational measures, including transport encryption and access controls, to protect data.

6. Your choices and rights

Depending on where you live, you may have rights to access, correct, delete, or restrict your personal data. Developers can exercise these rights by contacting privacy@mrbd.io. End users should direct requests to the developer of the application they used; we will assist that developer as their processor.

7. Contact

For privacy questions, contact privacy@mrbd.io.

This document is provided for the MRBD platform and may be updated. It is not legal advice.

Privacy Policy · MRBD.io