Authenticator – User Agreement
Privacy Policy
Effective Date: April 17, 2024 | Last Updated: March 5, 2026
This Privacy Policy explains how Beijing Haohai Xincheng Technology Co., Ltd. ("we", "us", "our") collects, uses,
stores and protects your information when you use the Authenticator Pro mobile application ("the App"). This
version is fully compliant with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA),
substantially similar provincial privacy laws, and the Apple App Store Review Guidelines.
Important Notice: The App uses a local‑first, decentralised architecture. Your core
verification data (including but not limited to secret keys, one‑time passcodes and account names) is stored
only on your device or in your personal iCloud account. We do not upload, access or process this core data on
our own servers.
Please read this policy carefully before using the App. By continuing to use the App, you confirm you have read
and understood this policy.
1. Information We Collect and Use
We process information in compliance with PIPEDA's 10 fair information principles, including accountability,
identification of purposes, consent, limitation of collection, and safeguards.
1.1 Core Functional Data (On‑Device Only)
- 2FA account credentials & codes: All two‑factor authentication data you add remains on
your device or in your personal iCloud storage. We have no access to this data.
- App lock & biometric data: Face ID/Touch ID verification is processed locally by iOS.
We do not collect or store biometric information.
1.2 System Permissions
We may request the following permissions to deliver features. You may withdraw or change permissions at any time
in your device settings:
- Camera: for scanning QR codes to add 2FA accounts
- Photos: for reading QR codes from selected images only
- Network: for iCloud sync, time synchronisation and analytics
- Notifications: for service and subscription updates
1.3 Non‑Identifiable Data
To improve stability and user experience, we collect de‑identified, non‑personal data such as device model, OS
version, crash logs and general region. This data cannot be used to identify you as an individual.
2. Third‑Party SDKs
We only use third‑party software development kits (SDKs) that are necessary for the App's core functions. All
partners are subject to security and data protection review.
- Firebase Crashlytics (Google)
- Purpose of processing: Collect app crash logs and technical error reports to fix bugs and improve
app stability.
- Categories of data processed: De‑identified UUID, crash stack details, device model, operating
system version.
- Third‑party privacy policy: https://policies.google.com/privacy
- Umeng+ Analytics SDK
- Purpose of processing: Collect anonymised usage statistics to analyse user behaviour and improve
product experience.
- Categories of data processed: De‑identified device information, network status, non‑precise
geographic data (no personally identifiable data).
- Third‑party privacy policy: https://www.umeng.com/policy
3. Data Storage and Cross‑Border Transfers
- Storage: Your core 2FA data is stored locally on your device or in your personal iCloud
(controlled by Apple's privacy framework). Analytics data may be stored on third‑party servers.
- Cross‑border transfers: De‑identified analytics data may be transferred to servers outside
Canada. We implement appropriate safeguards to comply with PIPEDA requirements for cross‑border data
transfers.
4. Your Privacy Rights (PIPEDA)
If you are located in Canada, you have the following rights regarding your personal information under PIPEDA:
- Right to Access: Request access to the personal information we hold about you.
- Right to Correction: Request updates or corrections to inaccurate or incomplete
information.
- Right to Withdraw Consent: Withdraw your consent for data processing at any time.
- Right to Complain: Challenge our compliance and file a complaint with the Privacy
Commissioner of Canada.
- Right to Deletion: Request deletion of personal information we hold (excluding data stored
only on your device/iCloud, which we cannot access).
5. Children's Privacy
The App is not intended for children under the age of 13. We do not knowingly collect personal information from
children under 13, and we will not obtain meaningful consent from such users. If we become aware that we have
collected data from a child under 13, we will delete it immediately.
6. Changes to This Privacy Policy
We reserve the right to update this policy as required by law or for operational reasons. The latest version will
be posted in the App with an updated "Last Updated" date. Your continued use of the App after the changes
constitute your acceptance of the revised policy.
7. Contact Us
If you have questions, complaints or requests regarding this Privacy Policy or your personal data, you may
contact us:
- Email: servicetwofa@gmail.com
- Address: 111-205, 1st Floor, Building 17, Wulidian Nanli, Lugouqiao, Fengtai District,
China
We will respond to valid requests within the statutory time limits.