Privacy policy

Effective Date: October 14, 2025

1) Who we are

This Privacy Policy explains how AuthenticKey ("we", "us") processes your information when you use our mobile application ("Service"). Our company is registered in the European Union, and we comply with the General Data Protection Regulation (GDPR) and other applicable privacy laws worldwide.

Contact: [email protected]

2) What we do not collect

Your 2FA secrets (TOTP/HOTP seeds) and generated codes are processed only on your device. We cannot access them. We do not collect your contacts, passwords, photo library, or other app content.

3) What data we collect

  • User-provided: support emails you send us; purchase receipts (via Apple/Google in-app purchases).
  • Automatic: device model, OS version, language/locale, IP (truncated), time zone; app usage events; crash reports and diagnostics via Firebase.
  • Backup (optional): if you enable iCloud backup, your 2FA secrets are end-to-end encrypted by Apple before leaving your device. We cannot read or decrypt your codes.

4) Why we process data

Under GDPR we process data based on:

  • Contract: provide the Service and validate your subscription.
  • Legitimate interests: improve stability, prevent abuse, measure aggregated usage.
  • Consent: analytics/attribution (Adjust), push notifications, optional marketing communications.
  • Legal obligation: comply with tax/accounting laws for purchases.

5) How we use data

  • Provide and improve the Service
  • Validate and manage subscriptions
  • Analyze app usage and attribution
  • Monitor stability and diagnose crashes
  • Communicate with you if you contact support

6) Sharing with service providers

We do not sell your personal information. We may share limited data with trusted providers who operate under our instructions:

  • Apple iCloud – optional backup of 2FA secrets (E2EE)
  • Apple App Store / Google Play – distribution and purchases
  • Adjust GmbH – attribution & analytics (privacy)
  • Adapty LLC – subscription management (privacy)
  • Google Firebase – crash logs, diagnostics, push (privacy)

7) International transfers

Data may be processed outside the EU. We use Standard Contractual Clauses (SCCs) or adequacy decisions to ensure safeguards.

8) Retention

  • 2FA secrets: only on your device (or iCloud if enabled) until you delete them
  • Subscriptions: kept as legally required (e.g., 6–10 years)
  • Crash logs/analytics: usually up to 12 months
  • Support emails: kept until resolved, plus up to 12 months

9) Security

We use on-device secure storage (iOS Keychain / Android Keystore), TLS transport encryption, and end-to-end encryption for backups. We design the app so that your secrets remain local and unreadable to us.

10) Your rights

You may have rights to access, correct, delete, object, restrict processing, withdraw consent, request portability, and complain to a supervisory authority. Contact us at [email protected].

11) Children

The Service is not intended for users under 13 (US COPPA) or under 16 where required (EU). We do not knowingly collect children's data.

12) CCPA/CPRA (California)

We do not "sell" or "share" personal information as defined by the CPRA. California residents may request access, deletion, or correction of their data by contacting us.

13) Do Not Track

We do not respond to Do Not Track signals. We do not use cross-site tracking or targeted ads.

14) Changes

We may update this policy. When we do, we will update the date above and, for material changes, notify you via the app or website. Latest version: authentickey.app/privacy

15) Contact

Email: [email protected]