Privacy settings
The Stytch SDK includes built-in privacy controls that allow you to manage how user data is collected, stored, and shared. These settings can be configured when initializing the SDK or adjusted at runtime.Data minimization
By default, Stytch collects only the minimum data necessary to provide authentication services. You can further restrict data collection by:- Limiting the user attributes collected during sign-up
- Disabling optional telemetry and analytics
- Configuring session duration to minimize data retention
User consent
The SDK supports consent management workflows to ensure users have control over their data:- Explicit opt-in for data collection beyond authentication
- Granular consent for specific features or integrations
- Ability for users to withdraw consent at any time
GDPR compliance
For applications serving users in the European Union, Stytch provides GDPR-compliant features:- Right to access: Users can request their data through the SDK
- Right to deletion: Implement user data deletion through users.delete()
- Data portability: Export user data in a structured format
Best practices
- Always inform users about what data you collect and why
- Provide clear privacy policies and terms of service
- Implement proper consent flows before collecting sensitive information
- Regularly review and update your privacy settings as regulations evolve
- Use Stytch’s session management features to minimize exposure of user data