RDN Identity
RDN Identity
Site
LoginSign Up

Privacy Policy

Last updated: February 11, 2026

1. Information We Collect

RDN Identity collects only the information necessary to provide secure identity and access management services. This includes:

  • Account information — name, email address, and username provided during registration.
  • Authentication data — hashed passwords, two-factor authentication tokens, passkey credentials, and phone numbers used for verification.
  • Usage data — login timestamps, IP addresses, and session information for security monitoring.
  • Tenant information — organizational identifiers and role assignments.

2. How We Use Your Information

We use the collected information to:

  • Authenticate your identity and manage access to services.
  • Provide and maintain two-factor authentication via authenticator apps, passkeys, SMS, or WhatsApp.
  • Detect and prevent unauthorized access, fraud, and security threats.
  • Fulfill legal obligations and enforce our terms of use.

3. Data Storage and Security

All data is stored in encrypted databases. Passwords are cryptographically hashed and never stored in plain text. Passkey credentials use public-key cryptography — private keys never leave your device. Verification codes are hashed and automatically expire. We implement industry-standard security measures including TLS encryption in transit, rate limiting, and account lockout protections.

4. Third-Party Services

We use the following third-party services to deliver authentication features:

  • Twilio — for WhatsApp verification message delivery. Your phone number is shared with Twilio solely for this purpose.
  • Azure Communication Services — for SMS verification message delivery.
  • External identity providers (Google, GitHub, Microsoft, LinkedIn, Amazon) — if you choose to sign in via an external provider, we receive only the profile information authorized by you during the OAuth consent flow.

5. SMS and WhatsApp Opt-In/Opt-Out

Adding a phone number for SMS or WhatsApp verification uses a double opt-in process: you request the channel, receive a one-time code, and confirm by entering the code. Verification codes are only sent after you complete this confirmation step.

You may opt out at any time by:

  • Removing the phone channel from your authentication settings in your profile.
  • Replying STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, or QUIT to any verification message.

Opting out immediately removes the channel and records a revocation in the consent audit trail. Standard message and data rates may apply.

6. Data Retention

Account data is retained for as long as your account is active. Security logs and session data are retained for a reasonable period to support incident investigation. Verification codes are short-lived and automatically purged after expiration. You may request deletion of your account and associated data at any time.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate information through your profile settings.
  • Delete your account and request removal of your personal data.
  • Withdraw consent for optional communication channels at any time.

8. Contact

For questions about this privacy policy or to exercise your data rights, please contact us at privacy@ferrumconsulting.com.