Privacy Policy

Privacy Policy

Auth: MFA & 2FA

Privacy Policy

Auth: MFA & 2FA Privacy Policy – Effective Date: January 8, 2025

Who We Are

Auth: MFA & 2FA (referred to as “we,” “our,” or “us”) provides security tokens for users as an additional layer of authentication for websites and applications supporting TOTP (Time-based One-Time Password) or HOTP (HMAC-based One-Time Password) protocols.

Our Commitment to Your Privacy

We are committed to safeguarding your personal information and ensuring transparency regarding how we handle your data. This Privacy Policy outlines our practices for collecting, using, and protecting the personal information you provide when using our services, including the Auth: MFA & 2FA application, associated browser extensions, and website.

By using our services, you confirm that you have read and agree to the terms of this Privacy Policy.

Scope of this Privacy Policy

This Privacy Policy applies solely to the data we collect directly through our services. It does not cover data collected or stored by third-party websites and applications accessed via our platform. For region-specific privacy considerations, additional provisions are available for users in California and the European Economic Area (EEA).

Consent to Changes

We reserve the right to update or amend this Privacy Policy at our discretion. Any modifications will be posted on this page with the effective date clearly indicated. Users are encouraged to periodically review this document for updates. We will strive to notify users via email, if provided, of significant changes to this policy.

Definitions

  • Device: Refers to the mobile device (e.g., phone, tablet) used to access our services.
  • Auth: MFA & 2FA Application: The software application that generates TOTP or HOTP tokens for authentication purposes.
  • Browser Extension: A software module enabling integration with web browsers to facilitate token generation.
  • Personal Information: Information that identifies or can reasonably be linked to an individual or household, such as a device ID or email address.
  • Services: All products and functionalities provided by Auth: MFA & 2FA.
  • Site: Web pages and application interfaces associated with our services.

Information Collected

To provide secure and efficient services, we may collect the following information:

  • Device Information: Including brand, model, unique ID, operating system, and storage status.
  • Cookies and Analytics: To enhance service quality, monitor user activity, and detect potential security threats.

Purpose of Data Collection

The information we collect is used to:

  1. Facilitate the functionality of our services, such as generating authentication tokens.
  2. Enhance user experience and address technical issues.
  3. Comply with legal obligations and safeguard against fraud or security breaches.

Use of Personal Information

We do not sell, trade, or disclose your personal information to unrelated third parties. However, we may share data with trusted partners for essential service delivery, including email notifications, payment processing, and fraud prevention.

Cookies and Analytics

Cookies enable us to analyze website traffic and improve user experience. Users may disable cookies through browser settings. Additionally, we employ Google Analytics to gain insights into service usage patterns. Details on Google’s data practices can be found here.

Opt-Out Options

You retain the right to:

  1. Request deletion of your personal information, understanding that certain deletions may impact service availability.
  2. Opt out of data collection or refuse consent for cookies and analytics tracking.

Children’s Privacy

Our services are not intended for individuals under 16 years of age. If we identify users under this age, their access will be terminated, and their information will be deleted.

Third-Party Links

Our website and applications may contain links to external websites. We are not responsible for the privacy practices of these third parties and recommend reviewing their policies independently.

Contact Us

For questions or concerns related to this Privacy Policy, please contact us via email at muhammadhuzaifaakram2@outlook.com with the subject line “Privacy Policy.”

Who Receives the Personal Data

The Personal Data you provide will only be shared with third-party service providers when such sharing is necessary to deliver specific aspects of the 2FAS Services. These providers assist us with functionalities such as push notifications, payment processing for donors, and email communication. Additionally, your Personal Data may be disclosed to comply with legal requirements, enforce this Privacy Policy, or protect our rights, property, or safety, or those of others.

No Sale of Personal Data

We will not sell, trade, or transfer your Personal Information to unrelated third parties for marketing, advertising, or other purposes.

Who Can Access the Personal Data

Access to your Personal Data is strictly limited to 2FAS employees, contractors, and third-party service providers with a legitimate need to process the information for the purposes outlined in this policy.

How We Store Your Personal Data

Your Personal Data is securely stored using Amazon Web Services (AWS) cloud infrastructure located in the United States. All data is encrypted using industry-standard encryption protocols. Should the storage location of your Personal Data change, this GDPR Supplement will be updated accordingly.

How Long We Store Your Personal Data

We retain your Personal Data as long as your account remains active and you continue to use the 2FAS Services. Upon your request to cancel services and delete your account, all associated Personal Data will be removed within seven (7) days. However, we are required to retain records of payments and invoices for the duration mandated by applicable regulatory and governmental bodies.

Data Transfers Outside of the European Economic Area (EEA)

We may transfer and store your Personal Data in countries outside the EEA, which may not provide the same level of data protection as your home country. When transferring Personal Data outside of the EEA, we ensure:

  1. The destination country is covered by a European Commission adequacy decision.
  2. The recipient adheres to the US-EU Privacy Shield Framework (or its successor) where applicable.
  3. We have implemented appropriate safeguards, such as contractual clauses, to protect your Personal Data.

Children Under 16

In accordance with Article 8 of the GDPR, individuals under the age of 16 cannot provide consent for the processing of their Personal Data. If we become aware that we have collected Personal Data from someone under the age of 16, their consent will be revoked, and their access to the 2FAS Services will be terminated immediately.

Your GDPR Rights

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your Personal Data:

  1. Right to Access
  2. As per Article 15, you can request confirmation on whether your Personal Data is being processed. You are entitled to details such as the purposes of processing, the categories of data processed, the recipients, and the retention period. Requests will be addressed within thirty (30) calendar days and provided in a machine-readable format. A nominal fee may be applied.
  3. Right to Rectification
  4. Article 16 grants you the right to request correction of inaccurate or incomplete Personal Data. Requests will be fulfilled within thirty (30) calendar days.
  5. Right to Erasure
  6. Under Article 17, you can request the deletion of your Personal Data if:The data is no longer necessary for the original purpose of collection.
  7. There are no legal grounds for continued processing.
  8. The data has been unlawfully processed.
  9. Compliance with an EU legal obligation requires deletion.
  10. Deletion requests will be addressed within thirty (30) calendar days.
  11. Right to Restriction of Processing
  12. Pursuant to Article 18, you may request the restriction of your Personal Data processing if:The data's accuracy is contested.
  13. Processing is unlawful, but you object to erasure.
  14. We no longer need the data, but you require it for legal claims.
  15. You are exercising your right to object under Article 21.
  16. Right to Object
  17. You may object to the processing of your Personal Data for specific purposes under Article 21.

Complaints

If you are dissatisfied with how your Personal Data has been handled, please contact us at muhammadhuzaifaakram2@outlook.com with the subject line “GDPR Complaint” and a detailed explanation of your concerns. You may also lodge a complaint with the supervisory authority in your EU/EEA country of residence or citizenship.

Changes to this Policy

We reserve the right to modify this GDPR Supplement at any time. Changes will be posted on this page with the effective date clearly stated. We recommend that you review this policy periodically for updates. For significant changes, we will endeavor to notify users via email if an email address has been provided. Continued use of our services constitutes your acceptance of any updates.

When a user requests a refund for an in-app purchase, we may share limited, anonymized data with Apple. This may include details such as the time elapsed since installation, total usage duration, an anonymous account identifier, purchase consumption patterns, and transaction amounts. This information is shared exclusively to facilitate the processing and verification of refund requests. No personally identifiable information is disclosed.


Report content on this page

Report Page

Please submit your DMCA takedown request to dmca@telegram.org