{% extends "layout.html" %}

{% block title %}{% trans %}Privacy Policy{% endtrans %}{% endblock %}

{% block content %}
    <article>
        <header>
            <h2>{% trans %}Privacy Policy{% endtrans %}</h2>
        </header>

        <section>
            <h3>{% trans %}Overview{% endtrans %}</h3>
            <p>
                {% trans %}
                    Auth Playground is a <strong>demonstration tool</strong> for OpenID Connect authentication.
                {% endtrans %}
            </p>
        </section>

        <section>
            <h3>{% trans %}What Data Is Handled{% endtrans %}</h3>
            <p>
                {% trans %}When you authenticate through Auth Playground, the following information is received from your
                    identity provider:{% endtrans %}
            </p>
            <ul>
                <li><strong>{% trans %}Access token:{% endtrans %}</strong> {% trans %}Used to access protected resources{% endtrans %}</li>
                <li><strong>{% trans %}Refresh token:{% endtrans %}</strong> {% trans %}Used to obtain new access tokens (if provided){% endtrans %}</li>
                <li><strong>{% trans %}ID token:{% endtrans %}</strong> {% trans %}Contains your identity information in JWT format{% endtrans %}</li>
                <li><strong>{% trans %}User information:{% endtrans %}</strong> {% trans %}Profile data such as name, email, phone, address, groups, etc.{% endtrans %}</li>
            </ul>
            <p>
                {% trans %}The exact data received depends on the scopes requested and what your identity provider shares.{% endtrans %}
            </p>
        </section>

        <section>
            <h3>{% trans %}How Data Is Stored{% endtrans %}</h3>
            <p>
                {% trans %}All authentication data is stored server-side in memory.{% endtrans %}
            </p>
            <ul>
                <li>{% trans %}Data is stored in <strong>server memory</strong> (RAM) only{% endtrans %}</li>
                <li>{% trans %}A secure session cookie is sent to your browser (containing only a session ID, not the actual data){% endtrans %}</li>
                <li>{% trans %}No database, files, or permanent storage is used{% endtrans %}</li>
                <li>{% trans %}All session data is lost when the application restarts{% endtrans %}</li>
                <li>{% trans %}Data is cleared when you log out{% endtrans %}</li>
                <li>
                    {% if config.SESSION_PERMANENT %}
                        {% trans timeout=config.PERMANENT_SESSION_LIFETIME|format_timedelta %}Sessions expire after {{ timeout }}{% endtrans %}
                    {% else %}
                        {% trans %}Sessions expire when you close your browser{% endtrans %}
                    {% endif %}
                </li>
            </ul>
        </section>

        <section>
            <h3>{% trans %}Data Sharing{% endtrans %}</h3>
            <p>
                {% trans %}Auth Playground does not:{% endtrans %}
            </p>
            <ul>
                <li>{% trans %}Share your data with third parties{% endtrans %}</li>
                <li>{% trans %}Send data to external services{% endtrans %}</li>
                <li>{% trans %}Store data permanently{% endtrans %}</li>
                <li>{% trans %}Track your usage{% endtrans %}</li>
                <li>{% trans %}Use analytics or advertising{% endtrans %}</li>
            </ul>
            <p>
                {% trans %}The only external communication is with your configured identity provider for authentication purposes.{% endtrans %}
            </p>
        </section>

        <section>
            <h3>{% trans %}Security Considerations{% endtrans %}</h3>
            <ul>
                <li>{% trans %}Use only <strong>test accounts</strong>, not real user accounts{% endtrans %}</li>
                <li>{% trans %}Do not use sensitive or production data{% endtrans %}</li>
                <li>{% trans %}Ensure your deployment is properly secured (HTTPS, firewall, etc.){% endtrans %}</li>
                <li>{% trans %}Change the default{% endtrans %} <code>SECRET_KEY</code> {% trans %}environment variable{% endtrans %}</li>
            </ul>
        </section>

        <section>
            <h3>{% trans %}Your Rights{% endtrans %}</h3>
            <ul>
                <li>{% trans %}You can review the source code to understand data handling{% endtrans %}</li>
                <li>{% trans %}You can modify the application to suit your needs{% endtrans %}</li>
            </ul>
        </section>

        <section>
            <h3>{% trans %}Identity Provider's Privacy Policy{% endtrans %}</h3>
            <p>
                {% trans %}Your identity provider may have its own privacy policy regarding the data they collect and share.
                    Please review their privacy policy for information about how they handle your data.{% endtrans %}
            </p>
        </section>
    </article>
{% endblock %}