TryMellon is a B2B service for developers and businesses. This Policy covers data collected from visitors to trymellonauth.com and from registered Customers. It does not cover the End Users of Customer applications — Customers are responsible for their own users' privacy notices.
1. Who We Are
Augusto Gomez Saa, operating TryMellon as an individual business, based in Mendoza, Argentina.
Privacy contact: [email protected]
2. Data We Collect
Website Visitors (trymellonauth.com)
| Data | Purpose | Legal basis |
|---|---|---|
| IP address, country, request metadata | DDoS protection, CDN routing, aggregated traffic analytics | Legitimate interest |
| Browser type, device type | Compatibility analysis (aggregated, not linked to individuals) | Legitimate interest |
We do not use client-side analytics tools (no Google Analytics, no tracking pixels, no session recording). The data above is processed automatically by Cloudflare as part of serving the site and is available to us only in aggregated, anonymized form.
Registered Customers (dashboard and API)
| Data | Purpose | Legal basis |
|---|---|---|
| Email address | Authentication, system notifications | Contract performance |
| Name / organization name | Billing, support | Contract performance |
| Country | Tax compliance | Legal obligation |
| API request logs (timestamp, endpoint, HTTP status, origin IP) | Service operation, debugging, abuse detection | Legitimate interest |
| Usage metrics (authentication count, error rates) | Usage-based billing, service improvement | Contract performance |
| Passkey credentials (public keys only) | Core service functionality | Contract performance |
| Error reports and stack traces | Debugging via Sentry (PII transmission disabled) | Legitimate interest |
What We Don't Collect
- Passwords. WebAuthn is password-free by design.
- Biometric data. Face ID and Touch ID are processed locally on the user's device. We receive only the cryptographic verification result.
- Private keys. Passkey private keys never leave the user's device — this is a fundamental guarantee of the WebAuthn protocol.
- Payment card or bank account data. Handled exclusively by LemonSqueezy.
3. Third-Party Services
| Service | Purpose | Country |
|---|---|---|
| Cloudflare | CDN, DDoS protection, landing page hosting | USA |
| Railway | PostgreSQL database and Redis cache hosting | USA (West region) |
| Resend | Transactional email delivery | USA |
| LemonSqueezy | Subscription billing and payment processing | USA |
| Sentry | Error monitoring and crash reporting | USA (us.sentry.io) |
All third-party providers operate under their own privacy policies and applicable data protection frameworks, including standard contractual clauses for EU-US data transfers where applicable.
AI training commitment. We do not use your data — including authentication events, passkey credentials, or usage patterns — to train machine learning or AI models of any kind. This applies to both TryMellon's own systems and any third-party AI providers.
4. Data Retention
| Data type | Retention period |
|---|---|
| Website analytics (anonymized) | 14 months (GA4 default) |
| API request logs (IP, endpoint, status) | 30 days, then deleted |
| Authentication event logs | Active account lifetime + 30 days post-cancellation |
| Passkey credentials | Active account lifetime + 30 days post-cancellation |
| Customer account data (email, name) | Active account lifetime + 2 years (accounting requirements) |
| Error reports (Sentry) | 90 days (Sentry default retention) |
| Database backups | 14-day rolling window |
5. Internal Monitoring
TryMellon is currently operated by one person. In practice, this means:
- Error alerts, API anomalies, and security incidents are personally reviewed by the Operator to diagnose problems and improve the service.
- In the event of a security incident affecting your account or your End Users', the Operator may review specific logs to investigate the root cause.
- No third-party support team has access to your operational data.
The trade-off is real: a large team means more policies and process layers. Here, you get a single person who understands the full system and responds directly.
6. Your Rights
Under Argentine Law 25,326 (Personal Data Protection Act) and, where applicable, the EU General Data Protection Regulation (GDPR), you have the right to:
- Access. Request confirmation of what data we hold about you.
- Rectification. Correct inaccurate data.
- Erasure. Request deletion of your data, subject to legal retention obligations.
- Portability. Receive your data in a machine-readable format.
- Objection. Object to processing based on legitimate interest.
To exercise any of these rights, email [email protected]. We will respond within 30 days.
Argentine users may also file complaints with the Dirección Nacional de Protección de Datos Personales (DNPDP) at www.argentina.gob.ar/aaip/datospersonales .
7. Security
- All data in transit is encrypted with HTTPS / TLS 1.2 or higher.
- Data at rest is encrypted at the database level.
- Passkey credentials store only public keys. By WebAuthn protocol design, a leaked public key cannot be used to authenticate.
- Production access is limited to the minimum required surface.
No system is 100% secure. In the event of a data breach that affects your data or your End Users', we will notify you within 72 hours of becoming aware of the incident.
8. Cookies
The marketing site uses minimal cookies to store your preferences (for example, light or dark theme). We do not use persistent third-party tracking cookies for advertising purposes.
The dashboard uses session cookies required for authentication. The dashboard cannot function without these cookies.
9. Children
TryMellon is a B2B developer service. It is not intended for direct use by anyone under 18 years of age.
10. Changes to This Policy
We will notify you by email at least 14 days before material changes take effect.