Privacy Policy

Last updated: April 2026

Our Core Promise

Antara is built on one principle: apps should never receive your personal information. Your email, phone number, and personal data stay with Antara — never shared with the apps you connect to.

What We Collect

  • Email address — used only for authentication. Encrypted at rest using AES-256-GCM. Apps never see it.
  • Per-app identity (slug) — a random identifier unique to each app. Cannot be used to correlate you across apps.
  • Session data — IP address and user agent, stored for security and fraud detection. Automatically expired.

What We Do NOT Collect

  • Passwords (we use magic links)
  • Phone numbers
  • Location data
  • Browsing history
  • App usage behavior

Data Isolation

Each app gets a unique, unguessable slug for your identity. This means:

  • App A cannot discover your identity on App B
  • No cross-app tracking is possible
  • Slugs can be rotated at any time

Encryption

All personally identifiable information is encrypted using envelope encryption (AES-256-GCM with per-record data encryption keys). Even in the unlikely event of a data breach, your email is unreadable without the master key.

Data Retention

  • Active accounts: data retained while your account is active
  • Soft-deleted slugs: hidden from your dashboard immediately; you may recover them for 30 days
  • Backend copies after soft delete: may be retained longer for security, abuse investigation, and legal compliance, then purged according to internal schedules
  • Deleted accounts: personal data purged within 30 days unless a longer hold is required by law
  • Rotated slugs: prior slug values expire after the published grace period
  • Audit logs: retained for at least 90 days (longer where required)

Your Rights

You can:

  • View which apps have your identity
  • Revoke access to any app at any time
  • Rotate your identity slug
  • Delete your account entirely

Third-Party Sharing

We do not sell, rent, or share your personal data with third parties. Apps receive only an opaque slug — never your email or phone.

Transactional email (magic links & invites)

Account magic links, security notices, and optional invite messages are sent as transactional email only (not marketing). Messages are submitted from our infrastructure to a dedicated HTTPS email gateway operated alongside Zoho Mail (for example on sahaj.tools), which relays mail using Zoho’s SMTP service. The gateway receives only what is required to deliver each message (recipient, subject, and rendered body for that send). Our edge servers do not open SMTP connections to your provider.

Delivery is not guaranteed. Email can be delayed, filtered as spam, or rejected by your mailbox provider. You are responsible for supplying an accurate address, checking spam or promotions folders, and maintaining access to the inbox you use with Antara. We do not use email content or magic-link URLs in application audit logs beyond high-level delivery events (for example send succeeded or failed).

API messaging & capability tokens

Message delivery uses our APIs, not user mailboxes. A <slug>@useantara.com label is a routing identifier for API payloads and documentation; we do not operate classic hosted inboxes for users at that address. Optional capability tokens are short-lived secrets you or an app may create; treat them like passwords. Content may be scanned for abuse signals and stored according to the retention rules above.

Contact

Questions about privacy? Email privacy@useantara.com. Abuse reports: abuse@useantara.com. We aim to acknowledge abuse reports within a reasonable timeframe (typically 3–7 business days).