Privacy Policy

Last updated: February 21, 2026

What perpetua.sh does

perpetua.sh is a transparent OAuth proxy. You connect provider accounts (Google Calendar, Oura Ring, etc.) once, then use a single API key while perpetua.sh handles OAuth token refresh and request forwarding.

What we collect

• Account information — Email address and name provided through your login provider (e.g. Google, GitHub)
• OAuth tokens — Refresh tokens (encrypted at rest) and short-lived access tokens for each provider you connect
• Billing information — Managed by Stripe. We store your Stripe customer ID and subscription status but never see your full card number.
• API keys — Stored as one-way hashes. The plaintext key is shown once at creation and never stored.

What we don't collect

• API response data — perpetua.sh proxies requests between you and your connected providers. We do not read, log, or store the content of those API responses.
• Usage analytics — We do not use third-party analytics or tracking scripts.

How we use your data

Your data is used solely to operate the service: authenticating you, refreshing OAuth tokens, forwarding API requests, and processing billing.

Third-party services

• Stripe — Payment processing. See Stripe's privacy policy.
• OAuth providers — Each provider you connect has its own privacy policy governing the data accessible through their API.

Data retention

• OAuth tokens are stored until you disconnect a provider or delete your account.
• Account data is retained until you request deletion.

Data deletion

You can disconnect any provider from your dashboard at any time, which removes stored tokens immediately. To delete your entire account and all associated data, contact us at the address below.

Contact

For privacy questions or data deletion requests, email daniel@perpetua.sh.