1) What is this Envato Login?
2) What does “View your account profile details” permission means:
Means the name and avatar are being pulled from the API eg: https://d.pr/i/3fdSwd . No other details are collected. We wanted our dashboard to look more personal, rather than dull with only a username.
3) What does “Download your purchased items” permission means:
Because this “View your purchases of the app creator’s items” is the only permitted access, it means downloads are only available for the app creator’s items, which is IconPress only (item of ThemeFuzz account).
“Download” is being used by IconPress plugin to pull its updates into WordPress’s Dashboard (> Updates), so users can easily update from backend, rather than manually from FTP. So basically the application has access only to IconPress plugin zip that is hosted on Envato’s cloud servers.
** We already suggested developers of Envato API to rename “Download your purchased items” to “Download App creator’s items” to be clearer. Also in regards to the account details, we suggested Envato API’s developers to check if there’s any way of making more visible and transparent, of what exactly is being pulled (eg: username, name and avatar image).
4) Does this mean my Envato password is used on this dashboard?
Absolutely not! The benefits of this Single-Sign-In process is that a password is not needed or used (reducing password fatigue). The application will generate an internal unique random encrypted password that can be used to login manually (in case you want to share these credentials to someone else). The password can be changed into the Account details section of our application.
5) Is there any other information being pulled into your application?
No, no data (especially sensitive) is being pulled or used in our application.
6) Can someone else use my Envato login information to login to Envato Account (eg: ThemeForest)?
Absolutely not! This kind of Single Sign-in process makes this impossible.