Privacy Policy
Effective Date: March 12, 2026
1. Introduction
Authenticator ("the App," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how the App handles information when you use it. We designed Authenticator with a privacy-first approach — your data stays on your device, under your control.
This Privacy Policy applies to all users of the App and covers all platforms on which the App is available. By using the App, you acknowledge that you have read and understood this Privacy Policy. Please also review our Terms of Use, which govern your use of the App.
2. Information We Do NOT Collect
We want to be transparent about what we do not do with your data. Authenticator does NOT:
- Collect, transmit, or store any personal identification information (name, email address, phone number, postal address)
- Track your usage patterns, behavior, or interactions within the App
- Collect device identifiers, advertising IDs (IDFA/GAID), or fingerprint your device
- Use analytics services, crash reporting tools, or telemetry that sends data to external servers
- Track your location or access location services
- Display advertisements or share data with advertising networks
- Access, read, or transmit your OTP secrets, generated codes, or account credentials to any server
- Sell, rent, lease, or trade any user data to third parties
- Create user profiles, behavioral models, or marketing segments
- Use cookies, web beacons, pixels, or similar tracking technologies
3. Information Stored Locally on Your Device
The App stores the following data exclusively on your device. This data never leaves your device unless you explicitly initiate a backup or enable cloud sync.
3.1 OTP Secrets
The secret keys used to generate one-time passwords are stored in your device's hardware-backed secure storage:
- iOS: Apple Keychain Services with the kSecAttrAccessibleWhenUnlockedThisDeviceOnly protection class
- Android: Android Keystore System with hardware-backed encryption
OTP secrets are stored separately from all other app data and are never written to general-purpose storage, logs, or cache files. They are encrypted at the hardware level by the operating system's secure enclave.
3.2 Account Metadata
Non-sensitive account information is stored in an encrypted local database:
- Account display names and issuer names
- OTP algorithm type (TOTP or HOTP) and configuration parameters (digits, period, counter)
- Category assignments and favorites status
- Account display order and custom icon selections
This data is encrypted at rest using AES-256 encryption. The encryption key is derived and stored within the device's secure keychain, ensuring that even if the device storage is accessed directly, the data remains protected.
3.3 App Settings and Preferences
- Theme preference (light/dark mode)
- Security settings (PIN hash, auto-lock timeout, biometric preference)
- Onboarding completion status
- Widget configuration preferences
- Notification preferences
PIN codes are never stored in plain text. Only a cryptographically secure hash of the PIN is stored for verification purposes.
4. Device Permissions
The App may request the following device permissions. Each permission is used solely for its stated purpose and can be revoked at any time through your device's system settings.
4.1 Camera
Purpose: Scanning QR codes to add new accounts to the App.
Camera access is only activated when you explicitly choose to scan a QR code. The camera feed is processed locally in real-time on your device. No images, video, or camera data are ever recorded, stored, cached, or transmitted. The camera session is immediately terminated after scanning is complete or cancelled.
4.2 Biometric Authentication (Face ID / Touch ID / Fingerprint)
Purpose: Protecting access to the App with biometric verification.
Biometric data is processed entirely by the operating system's secure enclave. The App never accesses, stores, or transmits your biometric data. The App only receives a success/failure result from the system's biometric framework.
4.3 Notifications
Purpose: Delivering local reminders and alerts related to app functionality.
Notifications are generated and delivered locally on your device. No notification data is transmitted to external servers. Notification content never includes OTP codes or sensitive account information.
4.4 Photo Library (Limited Access)
Purpose: Importing QR code images from your photo library to add new accounts.
When you choose to import a QR code from your photo library, the App accesses only the specific image you select. The image is processed locally to extract the QR code data and is not stored, cached, or transmitted.
5. Backups
The App provides an encrypted backup feature that allows you to export your account data for safekeeping.
5.1 How Backups Work
- When you create a backup, all account data (metadata and OTP secrets) is encrypted using AES-256-GCM authenticated encryption
- The encryption key is derived from a master password that you set at the time of backup creation
- Key derivation uses PBKDF2 with a high iteration count to resist brute-force attacks
- The resulting encrypted file (.authbackup) is saved to a location of your choosing (e.g., Files app, AirDrop, email, cloud storage)
5.2 What We Can and Cannot Access
- We have no access to your backup files, master password, or the encryption keys used to protect your backups
- We cannot recover your backup data if you lose your master password
- Backup files, once exported, are stored and managed entirely by you and/or the third-party storage service you choose
6. Cloud Sync (Optional)
The App offers an optional cloud synchronization feature that allows you to sync your accounts across multiple devices.
6.1 How Cloud Sync Works
- Cloud sync is disabled by default and must be explicitly enabled by you
- All data is encrypted end-to-end with your master password before leaving your device
- The encryption is performed locally on your device using AES-256-GCM
- Only the encrypted ciphertext is transmitted to and stored on the cloud server
- Neither we nor the cloud service provider can decrypt or read your synced data
6.2 Cloud Service Provider
Cloud sync uses Firebase Cloud Firestore, a service provided by Google LLC. When cloud sync is enabled:
- Your encrypted data is stored on Firebase servers
- A Firebase Authentication account is created using your Apple ID (via Sign in with Apple) or email — this is the only personal identifier transmitted
- Firebase may collect standard technical metadata (IP address, request timestamps) as part of its service infrastructure
- Firebase is subject to the Google/Firebase Privacy Policy
6.3 Disabling Cloud Sync
You can disable cloud sync at any time in Settings. When disabled:
- No further data is transmitted to the cloud
- Your local data remains intact on your device
- You may request deletion of your cloud-stored data by contacting us
7. In-App Purchases
The App may offer optional premium features through in-app purchases. All transactions are processed exclusively by Apple through the App Store.
- We do not collect, process, or store any payment information (credit card numbers, billing addresses, etc.)
- Purchase validation is performed through Apple's StoreKit framework and, optionally, RevenueCat's purchase management service
- RevenueCat may receive a pseudonymous app user ID and purchase receipt data for subscription management. See the RevenueCat Privacy Policy
- Apple's collection and use of purchase data is governed by Apple's Privacy Policy
8. Home Screen Widgets
The App provides home screen widgets that display OTP codes for quick access.
- Widget data is stored in a shared app group container on your device, accessible only by the App and its widget extension
- Widget data is encrypted and protected by the same security measures as the main App
- No widget data is transmitted to external servers
- Widgets update locally on your device without any network communication
9. Data Security Measures
We implement comprehensive security measures to protect your data:
9.1 Encryption
- At rest: All sensitive data is encrypted using AES-256 encryption. OTP secrets are additionally protected by the device's hardware-backed secure enclave
- In transit (cloud sync only): Data is encrypted end-to-end with AES-256-GCM before transmission, and the transport layer uses TLS 1.2 or higher
- Backups: AES-256-GCM authenticated encryption with PBKDF2-derived keys
9.2 Access Protection
- Optional biometric authentication (Face ID / Touch ID) using the device's secure enclave
- PIN protection with cryptographically secure hashing
- Configurable auto-lock timer that secures the App after inactivity
- App data is protected by the operating system's sandboxing and data protection classes
9.3 Separation of Concerns
- OTP secrets are stored in the secure keychain, separate from account metadata
- Encryption keys are stored in the secure keychain, separate from the encrypted data
- PIN hashes are stored separately from authentication configuration
10. Data Retention and Deletion
10.1 Local Data
All locally stored data persists on your device until you explicitly delete it or uninstall the App. You can:
- Delete individual accounts at any time within the App
- Delete all App data by uninstalling the App from your device
- Reset the App to its initial state through the settings menu
10.2 Cloud Data (if cloud sync is enabled)
If you have enabled cloud sync, your encrypted data is retained on the cloud server until:
- You explicitly delete your cloud account through the App's settings
- You request deletion by contacting us at support@authenticatorapp.com
Upon receiving a deletion request, we will delete your cloud-stored data within 30 days.
10.3 Backup Data
Backup files that you have exported are stored in locations you control. We have no ability to access or delete your backup files. You are responsible for managing and deleting your backup files.
11. Data Sharing and Disclosure
We do not sell, trade, rent, or share your personal data with any third party.
We may disclose information only in the following limited circumstances:
- Legal requirements: If required to do so by law, court order, subpoena, or other legal process
- Safety: If we believe disclosure is necessary to protect the rights, property, or safety of ourselves, our users, or the public
- Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets, in which case your data would remain subject to this Privacy Policy
Given that we do not collect personal data in the normal operation of the App, these disclosure scenarios are unlikely to arise.
12. International Data Considerations
The App operates locally on your device. If you enable cloud sync, your encrypted data may be stored on servers located in various regions depending on Firebase's infrastructure.
Because all cloud-synced data is encrypted end-to-end before leaving your device, the geographic location of the servers does not affect the confidentiality of your data — it remains encrypted and unreadable to anyone without your master password, regardless of where it is stored.
13. Children's Privacy
The App is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. Since the App does not collect personal information from any user, this concern is inherently mitigated.
If you are a parent or guardian and believe that your child has somehow provided personal information through the App, please contact us at support@authenticatorapp.com and we will take appropriate steps to address your concerns.
14. Your Rights Under GDPR (European Economic Area)
If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):
- Right of access: You have the right to know what personal data we hold about you. Since all data is stored locally on your device, you already have full access to it.
- Right to rectification: You can edit any account information directly within the App at any time.
- Right to erasure: You can delete any or all accounts within the App, or uninstall the App to remove all data.
- Right to data portability: You can export all your data through the App's encrypted backup feature.
- Right to restriction of processing: Since all processing occurs locally on your device, you control all data processing by your use of the App.
- Right to object: You may stop using the App and delete it at any time.
Legal basis for processing: The App processes data based on your consent (by choosing to use the App) and the necessity to perform the contract (providing the authentication service described in our Terms of Use).
If you enable cloud sync, Firebase acts as a data processor on your behalf. The data processed is encrypted and cannot be read by Firebase or by us.
15. Your Rights Under CCPA (California)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to know: You have the right to know what personal information we collect. As stated in this policy, we do not collect personal information.
- Right to delete: You can delete all data by removing accounts within the App or uninstalling it.
- Right to opt-out of sale: We do not sell personal information. There is nothing to opt out of.
- Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.
16. Your Rights Under KVKK (Turkey)
If you are located in Turkey, you have rights under the Personal Data Protection Law No. 6698 (KVKK), including the right to learn whether your personal data is processed, to request information about it, to request rectification, and to request deletion. Since the App processes data locally on your device and does not collect personal data on our servers, these rights are inherently upheld through your direct control of the App.
17. Third-Party Links and Services
The App may contain links to third-party websites or services (such as links within these legal pages). We are not responsible for the privacy practices or content of third-party sites. We encourage you to read the privacy policies of any third-party services you interact with.
18. Apple App Store Privacy Nutrition Label
In accordance with Apple's App Privacy requirements, Authenticator's privacy nutrition label reflects the following:
- Data Not Collected: The App does not collect data linked to your identity
- Data Not Linked to You: When cloud sync is enabled, encrypted data and a pseudonymous identifier may be stored, but this data cannot be used to identify you
- No Tracking: The App does not track users across apps or websites owned by other companies
19. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Effective Date" at the top of this page
- Where practicable, provide notice through the App or via other appropriate means
Your continued use of the App after changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this Privacy Policy periodically.
20. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: support@authenticatorapp.com
We will respond to all privacy-related inquiries within 30 days.