Privacy Policy

Last updated: 16 July 2025

1. Acceptance of Policy

1.1. This Privacy Policy explains and lists the transparency information regarding what personal data is collected (Section 3) when you use our Service “Authenticator - 2FA App” and the services provided through it (together “Service”), how such personal data will be processed (Section 4) and which rights do you have with respect to your personal data (Section 9).

1.2. By using the Service, you promise us that (i) you have read, understand, and agree to this Privacy Policy and the data processing described, and (ii) you are over 16 years of age. If you do not agree or are unable to make this promise, you shall not use the Service. In this case, you shall (a) delete your account and contact us and request deletion of your data; (b) cancel any active subscriptions; and (c) delete the Service from your devices.

1.3. We do not knowingly process personal data from persons under 16 years of age. If you learn that anyone younger than 16 has provided us with personal data, please contact us at [email protected].

1.4. If any questions remain unanswered or you would like to exercise your privacy rights, please also contact us at [email protected].

2. Data Controller

Individual entrepreneur Vitalii Kuprenko (with its legal address at Ukraine, Dnipro city, Krushelnytska Lane 6/119, N/A 49125) is the data controller of your personal data ("we", "us", or "our").

3. Categories & Sources of Personal Data

3.1. When you use the Service, we process data:

  1. you directly provide for us (for example, email address, account name, security key, device camera functions);
  2. automatically during your interaction with the Service (for example, IP address or online activity data);
  3. we receive about you from third parties (for example, 2FA tokens).

3.2. Data directly provided by you.

3.2.1. Identifiers. This may include your email address. You provide us with this information when you decide to register for the Service or contact us via email.

3.2.2. Service data: You provide us with this category of information when you use the Service. This may include (i) account name, security key or (ii) device camera functions for scanning QR code which you enter or use respectively to set up two-factor authentication.

3.2.3. Communication with support team: When you contact our support team, you may also provide us with some personal information.

3.3. Data we collect automatically

3.3.1. Device and geolocation data: We collect language settings, Internet Protocol address, time zone, type and model of a device, device settings, OS version, Internet service provider, mobile carrier, hardware ID, and unique device identifiers (including IDFA).

3.3.2. Log and usage data: We collect information on how you interact with our Service. This may include information about what pages you have viewed, the features and content you interact with, how often you use the Service, how long you are on the Service.

3.3.3. Cookies and similar technologies: Our products employ technologies (cookies, SDKs, etc.) to process your data to enhance your user experience, optimize ads, and analyze traffic. These technologies are activated when you interact with our services, visit our website, use our apps, or enable certain features like chats. Disabling these technologies may affect the functionality of certain features, although our products will remain usable

3.4. Data provided by third parties

3.4.1. 2FA Tokens. When you scan QR codes to add different services for two-factor authentication, we get 2FA tokens from these services to enable the functions of our Service.

3.5. Please note that we do not collect personal data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, and genetic and biometric data. We also do not collect any information about criminal convictions and offenses.

3.6. We also undertake to collect only such amounts and types of personal data strictly required for the purposes mentioned in Section 4 (Purposes & lawful bases for data processing). To the extent necessary for those purposes, we take all reasonable steps to ensure that personal data is reliable, accurate, complete, and current for its intended use.

4. Purposes & Lawful Bases for Processing

4.1. For the processing of your personal data, we rely on the following lawful bases:

  1. performance of the contract — for the processing related to the negotiation, conclusion, and performance of a contract (mainly, the Terms of Use) with you;
  2. legitimate interest — for the processing aimed at the development of our services, taking into consideration your interests, rights, and expectations;
  3. legal obligation — for the processing as required by applicable laws (for example, to comply with tax or KYC/AML regulations) or if requested by a law enforcement agency, court, supervisory authority, or another state-authorized public body;
  4. consent — for additional specific purposes.

4.2. We collect and utilize your data primarily to provide the Service and continuously improve it with the help of analytics. Furthermore, we aim to attract new customers to our products. Below, you may find a more comprehensive breakdown of how we use your information.

Reasons for Processing

Types of data

 Lawful bases

It is necessary to set up a profile, identify and contact the user. It can be also used to monitor data breaches of users’ personal data upon users’ requests.

Identifiers. email address

Performance of the contract.

Your consent.

It is necessary to set up 2FA.

Service data. Account name, security key, 2FA tokens

Performance of the contract.

Your consent.

To be able to scan a QR code to set up 2FA.

Device functions. Includes your camera. Processing is carried out only on your device and is not transferred to third parties.

Performance of a contract.

Your consent.

For marketing and analytical purposes. To provide, improve, and develop the Website.

Device and Geolocation Data. Includes language settings, Internet Protocol address, time zone, type and model of a device, device settings, OS version, Internet service provider, mobile carrier, hardware ID, and unique device identifiers (including IDFA or GAID).

Performance of a contract with you.

Necessary for our legitimate interests

For analytical purposes. To provide, improve, and develop the Website.

Log and Usage Data. Information about how you use our Service and user activity within the Service.

Performance of a contract with you.

Necessary for our legitimate interests

It is required to identify the subscription the user selects, its duration, and expiration.

Subscription data. The transaction data, ID subscriptions, and subscription terms. This is the information we get from the payment system when you buy our subscription.

Performance of the contract.

Your consent.

To participate in reviewing user refund requests to the Apple App Store or our suppliers to prevent fraudulent and deceptive actions by users.

Consumption Information. Account Tenure, App Account Token (UUID), Consumption Status, Customer Consented, Delivery Status, lifetime Dollars Purchased, lifetime Dollars Refunded, Platform, play Time, Refund Preference, Sample Content Provided, and User Status.

Your consent.

Necessary for our legitimate interests

4.3. We rely on the following legitimate interests:

  1. communication regarding your use of the Service: promotion of our Service in a measured and appropriate way;
  2. analysis of your use of the Service: understanding users’ preferences to provide with better user experience;
  3. personalization of our ads: promotion of our Service in targeted way;
  4. defence of our legal rights and interests: our need to protect ourselves from legal claims or other actions that impairs our operations or reputation;
  5. enforcement of Terms of Use: enforcement of legal rights, preventing and addressing non-compliance with Terms of Use.

5. Disclosures of data

5.1. Apart from our employees, contractors, and affiliated companies (if any), we share information with the range of third parties that helps operate, provide, improve, integrate, customize, support, and market our Service. We require all third parties to respect the security of your personal data and treat it under the law. The types of third parties we share information with include, in particular:

5.2. Service providers: We engage the partners mentioned below to carry out specific services or business functions on our behalf using their technologies and resources, based on our instructions. We do not allow our third-party service providers to use your personal data for their purposes and only permit them to process your personal data for specified reasons defined in this Privacy Policy.

Third Party

Its Service

Purpose of usage

Link to privacy materials of the Third Party

Apple Inc

App Store

App publishing

https://www.apple.com/legal/privacy/en-ww/

Appsflyer Inc.

Appsflyer

Advertisement analytics

https://www.appsflyer.com/legal/services-privacy-policy/

Amplitude Inc

Amplitude

Product analytics and event tracking

https://amplitude.com/trust

Google LLC

Google Analytics

Product analytics and event tracking

https://policies.google.com/

Google LLC

Firebase

User authentication and data management

https://policies.google.com/

Superlative Enterprises Pty Ltd

HaveIBeenPwned.com

Monitoring of data breaches of users’ personal data as feature of the Service

https://haveibeenpwned.com/Privacy

Velia.net Internetdienste GmbH

velia.net

Cloud storage

https://www.velia.net/data-protection

5.3. Public authorities, including law enforcement agencies: We may use and disclose personal data to enforce our legal rights or Terms of Use, to protect our rights, privacy, safety, or property, and/or that of our affiliates, you or others, and to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, or in other cases provided for by law.

5.4. Third parties as part of a merger and acquisition: As we develop our business, we may buy or sell assets or business offerings. Customers’ information is generally one of the transferred business assets in these types of transactions. We may also share such information with any affiliated company (if any) and may transfer such information in the course of a corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.

6. Cross-Border Transfer

6.1. We may transfer personal data to employees, contractors and third parties from countries other than the country in which the data was originally collected in order to provide the Service and for purposes indicated in this Privacy Policy. If these countries do not have the same data protection laws as the country in which you initially provided the information, we deploy special safeguards.

6.2. In particular, if we transfer personal data from the EEA to countries with not adequate level of data protection, we use one of the following legal bases: (i) Standard Contractual Clauses approved by the European Commission (details available here), or (ii) the European Commission adequacy decisions about certain countries (details available here).

7. Data Security & Retention

7.1. We have implemented appropriate security measures to prevent your data from being accidentally lost, used, accessed unauthorized, altered, or disclosed. In addition, we limit access to your data to employees, agents, contractors, and other third parties who have a business need to know. They will only process your data based on our instructions and are subject to a duty of confidentiality.

7.2. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

7.3. We also use technical data encryption tools like SSL protocols to secure your data.

7.4. We will store your personal data for as long as it is reasonably necessary for achieving the purposes set forth in the Terms of Use and Privacy Policy, which includes the period during which you have an account with the Service. We will also retain and use your personal data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

7.5. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your data, the purposes for which we process your data, and whether we can achieve those purposes through other means, and the applicable legal requirements.

8. Changes to Policy

We reserve the right to and may change this privacy notice occasionally. If we make any material changes, we will notify you through our Service, email, or by presenting you with a new version of this privacy notice for you to accept if we, for example, add new processing activities or collect additional personal data from you. Your continued use of the Service after the effective date of an updated version of the Privacy Policy will indicate your acceptance of the Privacy Policy as modified.

9. User Rights

9.1. This Section explains legal rights applicable to users that are residents of certain economic areas, countries, or states as set forth below. Except as otherwise provided herein, you may exercise your legal rights by contacting us at [email protected]. To ensure that we properly handle the requests you make regarding your rights, we are required to verify those requests. Depending on the type of request and the product used by you, this may include your name, age, email, date of subscription purchase, date of last activity, date of account creation, or some other Service use data that will reasonably identify you as an owner of the account, etc. We may also ask you for additional proof of identity, if necessary, but we strive to ask less according to the data minimization principle.

9.2. European Economic Area residents

As a data subject, you have the right to interact with its data directly or through a request to us. This section describes these rights and how you can exercise them:

Right

Description

Right to access

You can request an explanation of the processing of your personal data.

Right to rectification

You can change the data if it is inaccurate or incomplete.

Right to erasure

You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law.

Right to restrict the processing

You may partially or completely prohibit us from processing your personal data.

Right to data portability

You can request all the data you provided to us and request to transfer data to another controller.

Right to object

You may object to the processing of your personal data.

Right to withdraw consent

You can withdraw your consent at any time.

Right to file a complaint

If your request was not satisfied, you could file a complaint to the regulatory body.

To exercise your rights, contact us. If your request is not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it here.

UK residents enjoy the same rights but may lodge a complaint at the other Authority in the UK – Information Commissioner’s Office.

You can contact them at 0303 123 1113 or go online at www.ico.org.uk/concerns.

9.3. United States residents

You, as data subjects, have some special privacy rights. To use them, please contact us at [email protected].

Please note! Depending on the state and legislative requirements, we have from 30 to 60 days to exercise your request, with the right to postpone it for 30 days more.

If your complaint is not satisfied, you can file a complaint with the Federal Trade Commission.

Your rights vary depending on the laws that apply to you, but may include:

Right

Description

Area

Right to access

You can request an explanation of how your personal data is processed.

  • California;
  • Colorado;
  • Connecticut;
  • Indiana;
  • Iowa;
  • Montana;
  • Tennessee;
  • Texas;
  • Utah;
  • Virginia.

Right to correct

You can change the data if it needs to be more accurate or complete.

  • California;
  • Colorado;
  • Connecticut;
  • Indiana;
  • Montana;
  • Tennessee;
  • Texas;
  • Virginia.

Right to delete

You can request to delete your personal data from our systems.

  • California;
  • Colorado;
  • Connecticut;
  • Indiana;
  • Iowa;
  • Montana;
  • Tennessee;
  • Texas;
  • Utah;
  • Virginia.

Right to portability

You can request all the data you provided to us and request to transfer data to another controller.

  • California;
  • Colorado;
  • Connecticut;
  • Indiana;
  • Iowa;
  • Montana;
  • Tennessee;
  • Texas;
  • Utah;
  • Virginia.

Right to opt out of sales

The right to opt out of the sale of personal data to third parties.

  • California;
  • Colorado;
  • Connecticut;
  • Indiana;
  • Iowa;
  • Montana;
  • Tennessee;
  • Texas;
  • Utah;
  • Virginia.

Right to opt out of certain purposes

The right to opt-out of processing for profiling/targeted advertising purposes.

  • Colorado;
  • Connecticut;
  • Indiana;
  • Montana;
  • Tennessee;
  • Texas;
  • Utah;
  • Virginia.

Right to opt out of the processing of sensitive data

The right to opt-out of processing of sensitive data.

  • California.

Right to opt in for sensitive data processing

The right to opt in before processing sensitive data.

  • Colorado;
  • Connecticut;
  • Indiana;
  • Montana;
  • Tennessee;
  • Texas;
  • Virginia.

Right against automated decision-making

A prohibition against a business making decisions about a consumer based solely on an automated process without human input

  • California;
  • Colorado;
  • Connecticut;
  • Indiana;
  • Iowa;
  • Montana;
  • Tennessee;
  • Texas;
  • Virginia.

Private right of action

The right to seek civil damages from a controller for statute violations.

  • California.

Please note! Some states do not have privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is missing from the list, please contact us.

9.4. Do not sell my personal information under CCPA

California residents have the right under the California Consumer Privacy Act (“CCPA”) to opt out of a company governed by the CCPA's “sale” of their personal information.

We do not sell your personal information to anyone, nor use your data as a business model.

However, we support the CCPA by allowing California residents to opt out of the future sale of their personal information. Please contact us if you would like to record your preference so that we do not sell your data in the future.

9.5. Access rights under California’s Shine the Light

California also provides its residents with additional access rights. Under the Shine the Light law, the residents may ask companies once a year what personal information they share with third parties for those third parties' direct marketing purposes. Learn more about what is considered to be personal information under the statute.

To obtain this information from us, please send an email message to [email protected], which includes “Request for California Shine the Light Privacy Information” on the subject line and your state of residence and email address in the body of your message. Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing will be included in our response.

9.6. Do-not-track requests

California residents visiting the Service may request that we do not automatically gather and track information about their online browsing movements across the Internet.

Such requests are typically made through web browser settings that control signals or other mechanisms that allow consumers to exercise choice regarding collecting personal data about an individual consumer’s online activities over time and across third-party websites or online services.

We currently do not have the ability to honor these requests. We may modify this privacy notice as our abilities change.

9.7. Canadian residents

As data subjects, you have privacy rights prescribed by Canada’s federal and provincial privacy laws.

If you want additional information, please contact us by filling a request.

If you are not satisfied with the response, you can file a complaint with the Office of the Privacy Commissioner of Canada.

10. Contact Us

If you have any questions about this Privacy Policy and/or want to exercise your legal rights, you may contact us at [email protected].