Privacy Policy
1. INTRODUCTION
Welcome to MFA Authenticator ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App").
By using the App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use the App.
2. INFORMATION WE COLLECT
2.1 Information Stored Locally on Your Device
The App is designed with privacy as a core principle. All sensitive data is stored locally on your device and is never transmitted to our servers or any third party. This includes:
• Two-Factor Authentication (TOTP) Secrets: The secret keys used to generate time-based one-time passwords are stored exclusively in your device's secure Keychain and never leave your device.
• Passwords: All passwords you store in the password manager are encrypted and stored locally in your device's Keychain. We do not have access to these passwords.
• Account Names and Service Names: Information about which services and accounts you've added to the App is stored locally on your device.
• Browsing History: Any websites you visit using the integrated browser are not tracked, recorded, or transmitted by us.
• App Settings: Your preferences, including passcode and Face ID settings, are stored locally on your device.
2.2 Information We May Collect
• Device Information: We may collect basic information about your device, such as device type, operating system version, and App version, solely for the purpose of improving App performance and compatibility.
• Anonymous Usage Analytics: We may collect anonymized usage statistics, such as feature usage frequency and App crashes, to help us improve the App. This data cannot be used to identify you personally.
• Camera Access: When you scan QR codes to add TOTP accounts, the App accesses your device camera. No images or videos are recorded, stored, or transmitted. The camera is used solely for real-time QR code scanning.
2.3 Information We Do NOT Collect
We want to be absolutely clear about what we do NOT collect:
• We do NOT collect, store, or transmit your TOTP codes or secrets
• We do NOT collect, store, or transmit your passwords
• We do NOT track your browsing activity
• We do NOT collect your name, email address, phone number, or other personally identifiable information
• We do NOT use third-party analytics services that track individual users
• We do NOT sell your data to third parties
• We do NOT create user profiles or accounts on our servers
3. HOW WE USE YOUR INFORMATION
3.1 Local Data Processing
All authentication and password data is processed entirely on your device. We use Apple's Keychain Services to securely store your TOTP secrets and passwords with industry-standard encryption.
3.2 App Improvement
Anonymous usage data, if collected, is used solely to:
• Identify and fix bugs
• Improve App performance and stability
• Understand which features are most valuable to users
• Optimize the user experience
4. DATA SHARING AND DISCLOSURE
4.1 General Policy
We do not sell, trade, or otherwise transfer your personal information to third parties. Your TOTP secrets, passwords, and other sensitive data remain on your device at all times.
4.2 Refund-Related Data Sharing
We may share limited anonymized information with Apple when a user requests a refund for an in-app purchase. This includes (but is not limited to) time since installation, usage duration, an anonymous account identifier, purchase consumption details, and transaction amounts, solely for the purpose of processing and verifying refund requests. No personally identifiable information is shared.
4.3 Legal Requirements
We may disclose information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). However, since we do not collect or store your sensitive data on our servers, we would have no access to your TOTP secrets or passwords even if legally compelled.
4.4 Business Transfers
In the event of a merger, acquisition, or sale of all or a portion of our assets, user information may be transferred as part of that transaction. However, the fundamental privacy protections of local-only data storage would remain unchanged.
5. DATA SECURITY
5.1 Local Encryption
All sensitive data, including TOTP secrets and passwords, is stored in your device's Keychain, which uses hardware-based encryption provided by Apple. This ensures that your data is protected even if your device is lost or stolen (provided you have a device passcode enabled).
5.2 Biometric Authentication
When you enable Face ID protection, biometric authentication is handled entirely by your device's operating system. We do not collect, store, or have access to your biometric data. The biometric verification is performed locally by iOS, and we only receive a success or failure result.
5.3 App Passcode
If you enable a passcode for the App, this passcode is stored securely on your device and is used to encrypt access to the App's features. We do not have access to your passcode.
5.4 Security Limitations
While we implement industry-standard security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security, but we are committed to using best practices to protect your information.
6. YOUR PRIVACY RIGHTS AND CHOICES
6.1 Data Access and Control
Since all your data is stored locally on your device, you have complete control over it. You can:
• View all stored TOTP accounts and passwords within the App
• Edit or delete any stored information at any time
• Export your data by manually backing up your TOTP secrets
• Completely erase all data using the "Reset Data" feature in Settings
6.2 Camera Permissions
You can control the App's access to your camera through your device settings at any time. If you deny camera access, you can still add TOTP accounts manually.
6.3 Face ID Permissions
You can enable or disable Face ID authentication for the App at any time through the App's settings.
6.4 Data Deletion
To delete all your data:
1. Use the "Reset Data" option in the App's Settings, which will permanently delete all TOTP codes and passwords from your device
2. Uninstall the App from your device
Please note that data deletion is permanent and cannot be undone. We do not have backups of your data since everything is stored locally.
7. CHILDREN'S PRIVACY
The App is not intended for use by children under the age of 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can take appropriate action.
8. THIRD-PARTY SERVICES
8.1 Apple Services
The App integrates with the following Apple services:
• Keychain Services: For secure local storage of TOTP secrets and passwords
• Face ID / Touch ID: For biometric authentication (processed entirely on your device)
• App Store: For app distribution and in-app purchases
• Camera: For QR code scanning
Your use of these Apple services is governed by Apple's Privacy Policy, which can be found at https://www.apple.com/legal/privacy/
8.2 Integrated Browser
The App includes an integrated browser for your convenience. When you use this browser:
• We do not track, record, or store the websites you visit
• We do not intercept or store data you enter on third-party websites
• Third-party websites may collect their own data according to their privacy policies
• Cookies and other tracking technologies used by third-party websites are governed by those websites' privacy policies
8.3 TOTP Standard
The App implements the TOTP (Time-Based One-Time Password) algorithm as defined in RFC 6238, which is an open standard. The App generates codes locally on your device and does not communicate with the services for which you generate codes.
9. DATA RETENTION
9.1 Local Data Retention
Your TOTP secrets and passwords are stored on your device indefinitely until you:
• Manually delete individual items
• Use the "Reset Data" feature to delete all data
• Uninstall the App
9.2 No Server-Side Data
Since we do not store your sensitive data on our servers, there is no server-side data retention to manage.
9.3 Anonymous Analytics
If we collect anonymous usage analytics, this data may be retained for up to 24 months for the purpose of analyzing trends and improving the App.
10. DATA BACKUP AND TRANSFER
10.1 No Cloud Backup
The App does not provide cloud backup functionality. Your TOTP secrets and passwords are not backed up to iCloud or any other cloud service. This is an intentional design decision to maximize your privacy and security.
10.2 Device Backup Considerations
If you back up your device using iCloud or iTunes, your App data may be included in the device backup. These backups are encrypted and managed by Apple according to their privacy policies.
10.3 Device Transfer
When switching to a new device, you are responsible for manually transferring your TOTP secrets and passwords. We recommend:
• Temporarily disabling two-factor authentication on your accounts
• Scanning new QR codes on your new device
• Re-entering passwords in the password manager
• Using backup codes provided by your service providers
11. INTERNATIONAL DATA TRANSFERS
Since all sensitive data is stored locally on your device and we do not operate servers that store your personal information, there are no international data transfers of your TOTP secrets or passwords.
Any anonymous analytics data we collect may be processed in various jurisdictions, but this data cannot be used to identify you personally.
12. YOUR CONSENT
By using the App, you consent to this Privacy Policy and agree to its terms. If you do not agree with this Privacy Policy, please do not use the App.
13. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any significant changes by:
• Updating the "Last Updated" date at the top of this Privacy Policy
• Displaying a notice within the App (for material changes)
Your continued use of the App after changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this Privacy Policy periodically.
14. CALIFORNIA PRIVACY RIGHTS
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):
• Right to Know: You have the right to know what personal information we collect, use, and disclose. As stated in this Privacy Policy, we collect minimal data and store sensitive information locally on your device only.
• Right to Delete: You have the right to request deletion of your personal information. Since your data is stored locally on your device, you can delete it at any time using the "Reset Data" feature.
• Right to Opt-Out of Sale: We do not sell your personal information to third parties.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
15. EUROPEAN UNION PRIVACY RIGHTS (GDPR)
If you are located in the European Union, you have specific rights under the General Data Protection Regulation (GDPR):
• Right of Access: You can access all your data directly within the App.
• Right to Rectification: You can edit or correct any information stored in the App at any time.
• Right to Erasure: You can delete all your data using the "Reset Data" feature.
• Right to Data Portability: You can manually export your TOTP secrets and password information.
• Right to Object: Since we process data locally on your device and collect minimal analytics, there is limited processing to object to.
• Legal Basis for Processing: We process your data based on your consent and our legitimate interest in providing and improving the App.
16. CONTACT US
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us through the "Contact Us" option in the App's Settings.
We are committed to working with you to resolve any privacy concerns you may have.
17. DATA PROTECTION OFFICER
If required by applicable law, we will appoint a Data Protection Officer. Contact information will be provided in future updates to this Privacy Policy if applicable.
18. TRANSPARENCY COMMITMENT
We are committed to transparency about our privacy practices. This Privacy Policy is designed to be clear and comprehensive. The key principles of our approach are:
• Privacy by Design: Your sensitive data never leaves your device
• Minimal Data Collection: We collect only what is necessary to provide and improve the App
• User Control: You have complete control over your data
• No Data Sales: We will never sell your personal information
• Security First: We use industry-standard encryption and security practices
19. SPECIFIC FEATURES AND PRIVACY
19.1 QR Code Scanner
When you scan a QR code to add a TOTP account:
• The camera captures the QR code in real-time
• The QR code is processed locally on your device to extract the TOTP secret
• No images are saved, stored, or transmitted
• The TOTP secret is immediately stored in your device's Keychain
• We do not have access to the QR code or the extracted secret
19.2 Password Generator
The password generator creates strong passwords entirely on your device using cryptographically secure random number generation. Generated passwords are not transmitted or stored anywhere unless you choose to save them in the password manager.
19.3 Password Manager
• Passwords are encrypted and stored in your device's Keychain
• We cannot access, view, or recover your passwords
• If you forget your App passcode, you will lose access to your stored passwords
• There is no password recovery mechanism because we do not have access to your data
20. COMPLIANCE WITH LAWS
We comply with applicable privacy and data protection laws, including but not limited to:
• California Consumer Privacy Act (CCPA)
• General Data Protection Regulation (GDPR)
• Children's Online Privacy Protection Act (COPPA)
• Other applicable local and international privacy laws
21. ACKNOWLEDGMENT
BY USING THE APP, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS PRIVACY POLICY, UNDERSTAND IT, AND AGREE TO BE BOUND BY ITS TERMS.
CONTACT INFORMATION
For privacy-related questions, concerns, or requests, please use the "Contact Us" feature in the App's Settings or contact us at Hilla69953@icloud.com.
Thank you for trusting us with your security and privacy.
END OF PRIVACY POLICY