Privacy Policy for Authenticator App

Last Updated: April 9, 2025

Welcome to Authenticator ("the App"), developed by arifz ("we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our App. We are committed to safeguarding your privacy and ensuring the security of your personal information.

By using the Authenticator App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use the App.

1. Information We Collect

The Authenticator App is designed to help you generate one-time passwords (OTPs) for two-factor authentication. We collect and store the following information:

• Account Information: When you add an account to the App, we collect and store the following data locally on your device:
  • Account name (e.g., the name you assign to the account, such as "My Email").
  • Secret key (used to generate OTPs).
  • OTP type (e.g., TOTP or HOTP).
• No Personal Data Collection: The App does not collect personally identifiable information (PII) such as your name, email address, phone number, or location unless explicitly provided by you in the account name field.
• No Network Data: The App operates entirely offline and does not transmit any data over the internet, except when you choose to view our Privacy Policy, which loads an online webpage (see Section 5 for details).

2. How We Use Your Information

We use the information collected to provide the core functionality of the App, specifically:

• OTP Generation: The secret key and OTP type are used to generate one-time passwords for two-factor authentication.
• Local Storage: Account information is stored locally on your device to allow you to manage and access your accounts within the App.
• No Analytics or Tracking: We do not use your data for analytics, advertising, or any other purpose beyond the App’s core functionality.

3. How We Protect Your Information

We take the security of your data seriously and implement the following measures to protect it:

• Encryption: The secret keys stored in the App’s local database are encrypted using AES-256 encryption with a key securely stored in the Android KeyStore. This ensures that even if someone gains access to your device’s database, the secret keys cannot be easily accessed.
• Local Storage: All data is stored locally on your device and is not transmitted to any external servers.
• No Cloud Backup: The App does not automatically back up your data to the cloud. If you enable device backups (e.g., via Android Backup), the encrypted data may be included, but it cannot be decrypted without the device-specific encryption key.
• No Third-Party Access: We do not share your data with third parties, as the App operates offline.

Despite these measures, no method of storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

4. Data Sharing and Disclosure

We do not share, sell, or disclose your data to any third parties, except in the following circumstances:

• Legal Requirements: We may disclose your information if required to do so by law or in response to a valid request from a governmental authority (e.g., a court order or subpoena).
• Protection of Rights: We may disclose your information to protect our rights, property, or safety, or that of our users or the public.

5. Third-Party Services

The App includes a link to view our Privacy Policy online, which is loaded in a WebView. When you access this link:

• Internet Access: The App requires internet access to load the Privacy Policy webpage.
• Third-Party Data Collection: The webpage may collect standard web analytics data (e.g., IP address, browser type) as per the hosting provider’s policies. We do not control this data collection and recommend reviewing the privacy policy of the hosting provider (e.g., github) for more information.

The App does not integrate with any other third-party services, such as analytics or advertising platforms.

6. Data Retention and Deletion

• Local Storage: Your account data (account name, encrypted secret key, and OTP type) is stored on your device until you delete it using the App’s delete functionality.
• Manual Deletion: You can delete any account at any time through the App’s interface. Once deleted, the data is permanently removed from the local database.
• App Uninstallation: If you uninstall the App, all data stored locally by the App will be deleted, unless you have enabled device backups.

7. Children’s Privacy

The Authenticator App is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information.

8. Your Rights and Choices

Since the App stores data locally and does not transmit it to us, you have full control over your data:

• Access and Edit: You can view and edit your account information directly within the App.
• Delete: You can delete any account at any time using the App’s delete functionality.
• No Data Sharing: We do not share your data with third parties, so there are no opt-out mechanisms for data sharing.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes, we will update the "Last Updated" date at the top of this policy. If the changes are significant, we may notify you through the App or by other means. We encourage you to review this Privacy Policy periodically.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: