Privacy Policy

Last updated: August 1, 2025

Introduction

Authenticator* ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application. This policy applies to all versions of Authenticator* including iOS, iPadOS, watchOS, and macOS applications.

We understand that privacy is important to you, and we are committed to being transparent about our data practices. By using Authenticator*, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not download, register with, or use the application.

This Privacy Policy is incorporated into and made a part of our Terms of Service. Any capitalized terms not defined in this Privacy Policy have the meanings given to them in the Terms of Service.

Information We Collect

Information You Provide Directly

  • Authentication Data: TOTP secret keys, account names, and issuer information for your 2FA accounts. This data is stored locally on your device and encrypted using industry-standard encryption methods.
  • Backup Data: If you choose to enable iCloud backup, your encrypted authentication data may be stored in your personal iCloud account.
  • App Preferences: Your settings such as app appearance, notification preferences, security settings, and display options.
  • Support Communications: Information you provide when contacting our support team, including your email address, device information, and description of issues.
  • Feedback and Ratings: Any feedback, suggestions, or ratings you provide about the app.

Information Collected Automatically

  • Device Information: Device model, operating system version, unique device identifiers, system language, timezone, and device settings.
  • App Usage Data: Features used, frequency of use, session duration, user flows, and interaction patterns within the app.
  • Performance Data: App launch time, response times, error rates, and resource usage statistics.
  • Crash Reports: Technical information about app crashes including device state, stack traces, and system logs.
  • Network Information: IP address (anonymized), general location (country/region level), and network type.

Information We Do NOT Collect

  • We do NOT have access to your actual authentication codes or TOTP seeds
  • We do NOT collect your passwords or login credentials for third-party services
  • We do NOT track your location beyond country/region level
  • We do NOT access your contacts, photos, or other personal data on your device

Third-Party Services

We use carefully selected third-party services to improve our app's functionality and your experience. Each service is bound by their own privacy policies, and we encourage you to review them:

RevenueCat

We use RevenueCat to manage in-app purchases and subscriptions. RevenueCat processes:

  • Purchase transaction data (without payment card details)
  • Subscription status and history
  • Anonymous user identifiers for purchase validation
  • Device and app version information for compatibility

RevenueCat's Privacy Policy: https://www.revenuecat.com/privacy

Firebase (Google)

We use multiple Firebase services to improve app quality and user experience:

  • Firebase Analytics: Collects app usage data, user demographics (age, gender, interests), and behavior patterns to help us understand how users interact with our app
  • Firebase Crashlytics: Automatically collects crash reports, including device state, app state, and stack traces to help us identify and fix issues
  • Firebase Performance Monitoring: Measures app performance metrics like startup time, network request latency, and screen rendering performance
  • Firebase Remote Config: Allows us to update app behavior and appearance without requiring an app update

Firebase Privacy Policy: https://firebase.google.com/support/privacy

Adjust

We use Adjust for mobile attribution and analytics to understand our marketing effectiveness:

  • Track app installations and their sources
  • Measure marketing campaign performance
  • Analyze user retention and engagement
  • Detect and prevent attribution fraud

Adjust processes device identifiers, IP addresses (hashed), and interaction data. You can opt-out of Adjust tracking at: https://www.adjust.com/opt-out/

Adjust Privacy Policy: https://www.adjust.com/terms/privacy-policy/

How We Use Your Information

We use the information we collect for the following purposes:

  • To Provide Our Services: Enable core app functionality, generate authentication codes, and manage your 2FA accounts
  • To Improve User Experience: Analyze usage patterns to improve app design and features
  • To Ensure Security: Detect and prevent fraudulent activity, unauthorized access, and security vulnerabilities
  • To Provide Support: Respond to your inquiries, troubleshoot issues, and provide customer service
  • To Send Communications: Send important updates about the app, security alerts, and service notifications
  • To Comply with Legal Obligations: Meet legal requirements and respond to legal processes
  • For Analytics and Research: Understand user behavior, measure app performance, and conduct research to improve our services

Data Security

We implement multiple layers of security to protect your information:

Technical Measures

  • Encryption at Rest: All authentication data stored on your device is encrypted using AES-256 encryption
  • Encryption in Transit: All network communications use TLS 1.3 or higher
  • Biometric Protection: Support for Face ID, Touch ID, and device passcode protection
  • Secure Keychain Storage: Sensitive data is stored in the iOS Keychain with the highest security settings
  • Code Obfuscation: Our app code is obfuscated to prevent reverse engineering

Operational Measures

  • No Server Storage: Your authentication secrets never leave your device unless you explicitly enable backup
  • Regular Security Audits: We conduct regular security assessments and penetration testing
  • Minimal Data Collection: We only collect data necessary for app functionality and improvement
  • Access Controls: Strict access controls limit who can access analytics and diagnostic data
  • Incident Response: We have procedures in place to quickly respond to any security incidents

While we implement strong security measures, no method of electronic storage is 100% secure. We cannot guarantee absolute security but commit to using industry best practices to protect your information.

Data Sharing and Disclosure

We are committed to protecting your privacy and will not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

  • With Your Consent: We may share information when you give us explicit permission to do so
  • Service Providers: We share limited data with our third-party service providers (RevenueCat, Firebase, Adjust) who assist us in operating our app
  • Legal Requirements: We may disclose information if required by law, court order, or government request
  • Protection of Rights: We may disclose information to protect our rights, property, or safety, or that of our users or the public
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, user information may be transferred to the acquiring entity

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.

Data Retention

We retain your information only as long as necessary to fulfill the purposes outlined in this Privacy Policy:

Retention Periods

  • Authentication Data: Stored locally on your device indefinitely until you manually delete it or uninstall the app
  • Analytics Data: Retained for up to 24 months to analyze trends and improve our services
  • Crash Reports: Kept for 90 days to identify and fix issues
  • Support Correspondence: Retained for up to 3 years or as required by law
  • Purchase Records: Maintained as required by tax and accounting regulations (typically 7 years)
  • Marketing Data: Retained until you opt-out or for up to 3 years of inactivity

Deletion Practices

When retention periods expire, we securely delete or anonymize your information using industry-standard methods. For data stored on your device, you maintain full control and can delete it at any time through the app settings.

Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

Access and Control

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information, subject to legal obligations
  • Portability: Request your data in a structured, machine-readable format
  • Restriction: Request that we limit processing of your personal information
  • Objection: Object to our processing of your personal information

Opt-Out Options

  • Analytics: Disable analytics collection in app settings
  • Crash Reports: Opt-out of automatic crash reporting in app settings
  • Marketing: Unsubscribe from marketing communications using the link in emails
  • Personalized Ads: Use your device's ad tracking settings to limit ad personalization

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days and may ask for additional information to verify your identity.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

Specifically, our third-party service providers are based in the United States and other countries. This means that when we collect your personal information, we may process it in these countries.

However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Policy. These include implementing the European Commission's Standard Contractual Clauses for transfers of personal information between our group companies and ensuring that all third-party service providers are bound by appropriate data protection agreements.

California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you
  • Right to Delete: You have the right to request that we delete personal information we have collected from you
  • Right to Opt-Out: You have the right to opt-out of the sale of your personal information (Note: We do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights

To exercise these rights, please contact us using the information provided below. We may ask you to verify your identity before processing your request.

European Privacy Rights

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal Basis: We process your personal information based on legitimate interests, consent, contractual necessity, or legal obligations
  • Data Protection Officer: You may contact our Data Protection Officer at [email protected]
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority

Children's Privacy

Protecting children's privacy is especially important to us. Our service is not directed to individuals under the age of 13 (or 16 in some jurisdictions).

We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from children without verification of parental consent, we will take steps to remove that information from our servers.

For users between 13 and 18 years of age, we recommend parental guidance when using our app and services.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify you of any material changes via in-app notification or email
  • Obtain your consent for any changes that require it under applicable law

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy.

Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: [email protected]
ARCTEC YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKET
Address: ABDURRAHMAN NAFİZ GÜRMAN MAH. GENERAL ALİ RIZA GÜRCAN CAD. PLATFORM SUİT B BLOK NO: 27 İÇ KAPI NO: 81 GÜNGÖREN/ İSTANBUL