Privacy Policy — Oryggi IdentityXpert SSO

Last updated: June 2026 · Published by Oryggi Technologies Pvt Ltd

The Oryggi IdentityXpert SSO browser extension provides enterprise Single Sign-On: it auto-fills login credentials for applications your organisation has registered, and enforces multi-factor authentication (MFA), including biometric verification, before granting access. This policy explains what the extension accesses and how that data is handled.

What the extension accesses

• Page content on registered apps. The extension reads form fields on the login pages of applications your administrator has registered with your Oryggi tenant, so it can detect the sign-in form and fill the correct username/password. It does not read or transmit the content of other websites.
• Your stored credentials. Credentials are stored encrypted in your organisation's Oryggi tenant (server side). The extension requests them only after you pass the required MFA, fills them into the login form on your device, and does not retain them.
• Biometric verification. Fingerprint, face and palm verification run on your own device against templates your organisation enrolled. The extension relays a signed match result; raw biometric data never leaves your device and is never sent to Oryggi or any third party.
• Local configuration. The extension stores its API endpoint and your session token in the browser's local extension storage so it can talk to your Oryggi tenant. This is removed when the extension is uninstalled.

What we do NOT do

• We do not sell, rent, or share your data with third parties.
• We do not use your data for advertising or tracking.
• We do not collect browsing history or activity on sites other than your registered apps.
• We do not transmit raw biometric images or templates anywhere.

Data controller

Your employer / organisation (the Oryggi tenant administrator) is the data controller for the credentials and identity data processed through this extension. Oryggi Technologies Pvt Ltd acts as the software provider / data processor on their behalf.

Data security

Credentials are encrypted at rest in the Oryggi tenant. All communication between the extension and the Oryggi service uses HTTPS. Access is gated by your organisation's authentication and MFA policies.

Data retention & removal

Locally stored configuration and session data are removed when you uninstall the extension. Credentials held in your Oryggi tenant are managed by your administrator and can be removed on request through them.

Contact

For privacy questions, contact your organisation's Oryggi administrator, or Oryggi Technologies Pvt Ltd at www.oryggitech.com.