Your provider passwords are never seen by anyone involved with gloss. There are no (and will never be) any intentions of stealing your data. Feel free to read the source code.
When developing gloss, providing a secure method of authentication, while making it as simple as possible for the developer and the user, was of utmost importance. This service uses OAuth 2.0 to authenticate users, allowing for a simple sign-in process with their provider of choice.
When you sign in, a token is generated from the third-party provider that is specific to your account, meaning none of your passwords are sent to the server. This token is used to authenticate you when you sign in. The token, along with a unique ID for your account, is then stored on a PostgreSQL database hosted on Neon. These tokens are specific for usage on gloss and cannot be used to access your account on the provider.
At any point you decide to delete your account, all associated data will be deleted from the database.
If you have any questions about this privacy policy or how your data is handled, please open an issue on GitHub.
Last updated: January 2, 2025