Privacy Policy

Last updated: December 16, 2025

Thank you for using AuthKey. This Privacy Policy explains, in clear and professional terms, how we handle your information. Our core principles are: no collection, no upload, and minimal access to your data.

1. Scope

• This Policy applies to your use of the AuthKey app and its built‑in features on iOS, iPadOS, and macOS (such as QR code scanning, Bridge service, and App Lock).
• If this Policy conflicts with a platform policy (for example, Apple’s policies), the policy that offers stronger privacy protection will prevail.

2. Information We Do Not Collect

• We do not operate a server‑side account system.
• We do not collect or upload your one‑time passwords (OTP), secrets, QR code contents, or any credentials.
• We do not integrate any third‑party analytics or advertising SDKs.

3. Data Processed and Stored On‑Device

• Your OTPs and secrets are stored only on your device within the system container (for example, iOS Keychain or other secure storage accessible to the app sandbox).
• If you choose to export data, the export file is generated in encrypted form and remains under your control. We cannot access or obtain this file unless you explicitly share it.

4. Use of Device Permissions

We request device permissions only when strictly necessary to provide specific features:

• Camera: Used solely to scan QR codes for adding tokens. Camera feed and QR contents are not uploaded to any server.
• Local Network: Used by the Bridge feature to provide codes over your local network. Data is transmitted within your LAN and is not collected by us.
• Face ID / Touch ID: Used for local unlocking when App Lock is enabled. Biometric matching is performed by the operating system; we do not receive your face or fingerprint data.

5. Data Security