Privacy Policy
Last updated: January 29, 2026
Summary: slick.ge is a private authentication gateway for personal use. We collect minimal data, use Google for authentication, and do not track, sell, or share your information.
1. Overview
This Privacy Policy describes how slick.ge ("we," "us," or "our") handles information when you use our private authentication gateway. This service is not a commercial product—it exists solely to provide secure access to self-hosted services for a pre-approved group of family and friends.
2. Information We Collect
2.1 Authentication Data
When you authenticate through Google OAuth, we receive:
- Your Google account email address
- Your Google account ID (unique identifier)
- Basic profile information (name, profile picture) if granted
We do not receive or store your Google password. Authentication credentials are handled entirely by Google.
2.2 Session Data
To maintain your authenticated session, we store:
- Session tokens (encrypted, stored in HTTP-only cookies)
- Session expiration timestamps
- IP address associated with the session (for security purposes)
2.3 Access Logs
For security and troubleshooting purposes, we maintain minimal server logs:
- Timestamps of authentication attempts
- IP addresses of connection attempts
- User agent strings (browser/device information)
- Success/failure status of authentication
These logs are retained for 30 days and then automatically deleted.
2.4 Information We Do NOT Collect
- Analytics or tracking data
- Cookies for advertising or third-party tracking
- Browsing behavior or usage patterns
- Personal information beyond what's required for authentication
- Financial or payment information (this is a non-commercial service)
3. How We Use Your Information
We use the collected information exclusively for:
- Authentication: Verifying your identity against our allowlist
- Authorization: Determining whether you should have access to services
- Security: Detecting and preventing unauthorized access attempts
- Session Management: Maintaining your logged-in state
- Technical Support: Troubleshooting access issues when requested
4. Information Sharing and Disclosure
We do not sell, rent, or share your information with third parties. Your data is never disclosed except in the following limited circumstances:
- Legal Obligations: If required by law, court order, or governmental request
- Security Threats: If necessary to protect against fraud, abuse, or security threats
We do not share data with advertisers, data brokers, or marketing companies.
5. Third-Party Services
5.1 Google OAuth
Authentication is handled by Google Cloud's OAuth 2.0 service. When you sign in, you are subject to Google's Privacy Policy. We recommend reviewing:
5.2 No Other Third Parties
We do not use:
- Analytics services (Google Analytics, etc.)
- Advertising networks
- Social media integrations
- Content delivery networks with tracking
- Third-party cookies
6. Data Storage and Security
6.1 Where Data is Stored
All data is stored on private, self-hosted infrastructure. Data does not reside in public cloud environments except for authentication through Google.
6.2 Security Measures
We implement industry-standard security practices:
- TLS 1.3 encryption for all connections
- HTTP-only, secure cookies for session management
- CSRF protection on all authenticated requests
- Regular security updates and patches
- Access logs monitoring for suspicious activity
- Time-limited sessions requiring re-authentication
6.3 Data Retention
- Session Data: Deleted when session expires or you log out
- Access Logs: Retained for 30 days, then automatically deleted
- Allowlist Data: Maintained only for currently authorized users
7. Your Rights and Choices
As an authorized user, you have the right to:
- Access: Request information about what data we store about you
- Deletion: Request removal of your data and access privileges
- Correction: Request updates to stored information (via Google account changes)
- Revocation: Revoke OAuth permissions through your Google account settings
To exercise these rights or for questions about your data, contact the administrator directly.
8. Cookies and Tracking
We use only essential cookies required for authentication:
- Session Cookie: Stores your encrypted authentication token
- CSRF Token Cookie: Protects against cross-site request forgery
These cookies are:
- HTTP-only (not accessible via JavaScript)
- Secure (transmitted only over HTTPS)
- SameSite (protected against cross-site attacks)
- Automatically deleted when you log out or session expires
We do not use tracking cookies, advertising cookies, or analytics cookies.
9. Children's Privacy
This service is not intended for individuals under 13 years of age. We do not knowingly collect information from children. If you believe a child has accessed this service, please contact the administrator.
10. International Users
This service is operated from and intended for use within a specific geographic location. If you access this service from outside that location, your data may be transferred to and processed in a jurisdiction with different data protection laws.
11. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. The "Last updated" date at the top indicates when changes were last made. Continued use of the service after changes constitutes acceptance of the updated policy.
12. Contact Information
For questions about this Privacy Policy or to exercise your data rights, contact the service administrator. As this is a private service, contact information is available to authorized users only.
Data Protection Principles: This service adheres to data minimization principles. We collect only what is necessary for authentication and security. We do not monetize your data, share it with third parties, or use it for purposes beyond providing secure access to services.