BETTER-AUTH.

Privacy Policy

Last updated: January 29th, 2026.

Better Auth, Inc. (“Company,” “we,” “us,” or “our”) provides authentication, identity, authorization, and related services (the “Services”). This Privacy Policy explains how we collect, use, disclose, and protect personal information when you:

  • Visit our website;
  • Create an account;
  • Use our Services;
  • Interact with us for sales, marketing, or support; or
  • Are an end user authenticated through our platform (“End Users”).

This Privacy Policy does not apply to personal information processed by our customers through their applications. In those cases, we act as a data processor and process information on behalf of the customer in accordance with our Data Processing Addendum (“DPA”).

1. Information We Collect

1.1 Information You Provide Directly

We may collect:

  • Name, email address, company name, and job title
  • Account credentials
  • Billing information
  • Communications you send to us
  • Demo or event registration information

1.2 Information Collected Through the Services

When customers use our authentication platform, we may process:

  • User identifiers (e.g., email, username, user ID)
  • Authentication credentials (e.g., hashed passwords, OAuth tokens, MFA factors)
  • Login and activity logs
  • IP address and device information
  • Metadata related to authentication events

This information is processed on behalf of our customers.

1.3 Automatically Collected Information

When you visit our website, we may collect:

  • IP address
  • Browser type and device information
  • Pages visited and referring URLs
  • Usage data through cookies and similar technologies

2. How We Use Information

We use personal information to:

  • Provide, operate, and maintain the Services
  • Authenticate users and secure accounts
  • Prevent fraud, abuse, and unauthorized access
  • Improve and develop new features
  • Respond to inquiries and provide support
  • Process payments
  • Comply with legal obligations

We do not sell personal information.

We do not use authentication data for advertising profiling.

3. Legal Bases for Processing (EEA/UK)

If you are located in the European Economic Area (EEA) or United Kingdom, we process personal data under the following legal bases:

  • Performance of a contract
  • Legitimate interests (e.g., security, fraud prevention, product improvement)
  • Compliance with legal obligations
  • Consent, where required

4. How We Share Information

We may share personal information with:

4.1 Service Providers (Subprocessors)

We use trusted third parties to support our Services, such as:

  • Cloud hosting providers
  • Analytics providers
  • Email and SMS delivery providers
  • Payment processors

We require these providers to protect personal information and process it only for authorized purposes.

4.2 Legal Requirements

We may disclose information if required by law or in response to valid legal processes.

4.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction.

5. Data Retention

We retain personal information for as long as necessary to:

  • Provide the Services
  • Maintain security and audit logs
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

Retention periods may vary depending on the type of data and customer configuration.

6. Security

We implement administrative, technical, and physical safeguards designed to protect personal information, including:

  • Encryption in transit
  • Access controls
  • Monitoring and logging
  • Secure development practices

However, no system is completely secure, and we cannot guarantee absolute security.

7. International Data Transfers

We may transfer personal information to countries outside of your jurisdiction, including the United States. Where required by law, we rely on appropriate safeguards such as Standard Contractual Clauses.

8. Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access personal information
  • Correct inaccurate data
  • Delete personal information
  • Restrict or object to processing
  • Data portability
  • Withdraw consent

If we process your data on behalf of a customer, please contact the relevant customer directly. We will assist customers in responding to lawful requests.

To exercise your rights, contact us at support@better-auth.com.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Operate the website
  • Analyze usage
  • Improve performance

You may control cookies through your browser settings. Some features may not function properly if cookies are disabled.

10. Children's Privacy

The Services are not directed to children under 13 (or equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children.

11. California Privacy Rights

If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA/CPRA), including rights to access, delete, and correct personal information. We do not sell personal information as defined under California law.

To submit a request, contact support@better-auth.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version with a revised “Last Updated” date.

13. Contact Us

If you have questions about this Privacy Policy, contact:

Better Auth, Inc.

Address: 49 Powell St, 2nd Floor, San Francisco, CA, 94102

Email: support@better-auth.com