Authenticator – User Agreement
Privacy Policy
Effective Date: April 17, 2024 | Last Updated: March 5, 2026
This Privacy Policy explains how Beijing Haohai Xincheng Technology Co., Ltd. ("we", "us", "our") collects, uses,
stores and protects your information when you use the Authenticator Pro mobile application ("the App"). This
version is fully compliant with the UK GDPR, the Data Protection Act 2018, ICO guidelines and the Apple App
Store Review Guidelines.
Important Notice: The App uses a local‑first, decentralised architecture. Your core
verification data (including but not limited to secret keys, one‑time passcodes and account names) is stored
only on your device or in your personal iCloud account. We do not upload, access or process this core data on
our own servers.
Please read this policy carefully before using the App. By continuing to use the App, you confirm you have read
and understood this policy.
1. Information We Collect and Use
We process information only in line with the UK GDPR principles: lawfulness, fairness, transparency, purpose
limitation, data minimisation, accuracy, storage limitation and integrity/confidentiality.
1.1 Core Functional Data (On‑Device Only)
- 2FA account credentials & codes: All two‑factor authentication data you add remains on
your device or in your personal iCloud storage. We have no access to this data.
- App lock & biometric data: Face ID/Touch ID verification is processed locally by iOS.
We do not collect or store biometric information.
1.2 System Permissions
We may request the following permissions to deliver features. You may withdraw or change permissions at any time
in your device settings:
- Camera: for scanning QR codes to add 2FA accounts
- Photos: for reading QR codes from selected images only
- Network: for iCloud sync, time synchronisation and analytics
- Notifications: for service and subscription updates
1.3 Non‑Identifiable Data
To improve stability and user experience, we collect de‑identified, non‑personal data such as device model, OS
version, crash logs and general region. This data cannot be used to identify you as an individual.
2. Third‑Party SDKs
We only use third‑party software development kits (SDKs) that are necessary for the App's core functions. All
partners are subject to security and data protection review.
- Firebase Crashlytics (Google)
- Purpose of processing: Collect app crash logs and technical error reports to fix bugs and improve
app stability.
- Categories of data processed: De‑identified UUID, crash stack details, device model, operating
system version.
- Legal basis (UK GDPR): Legitimate interests – ensuring the technical reliability, security and
performance of the App.
- Third‑party privacy policy: https://policies.google.com/privacy
- Umeng+ Analytics SDK
- Purpose of processing: Collect anonymised usage statistics to analyse user behaviour and improve
product experience.
- Categories of data processed: De‑identified device information, network status, non‑precise
geographic data (no personally identifiable data).
- Legal basis (UK GDPR): Legitimate interests – optimising App functionality based on aggregated,
anonymous statistics.
- Third‑party privacy policy: https://www.umeng.com/policy
3. Data Storage and Cross‑Border Transfers
- Storage: Your core 2FA data is stored locally on your device or in your personal iCloud
(controlled by Apple's privacy framework). Analytics data may be stored on third‑party servers.
- Cross‑border transfers: Any transfer of de‑identified data outside the UK/EEA is carried
out with appropriate safeguards under UK GDPR. We do not transfer personal data in a way that violates UK
data protection law.
4. Your Rights Under UK GDPR
Under the UK GDPR and Data Protection Act 2018, you have the following rights regarding your personal data:
- Access: Request details of the personal data we process about you.
- Rectification: Correct inaccurate or incomplete data.
- Erasure: Request deletion of your data (where applicable).
- Restrict processing: Limit how we use your data.
- Data portability: Receive a copy of your data in a usable format (where applicable).
- Object to processing: Object to processing based on our legitimate interests.
- Withdraw consent: Revoke any consent you have provided for data processing.
5. Children's Privacy
The App is not intended for children under the age of 13. We do not knowingly collect personal data from children
under 13. If we become aware that such data has been processed, we will delete it immediately.
6. Changes to This Privacy Policy
We reserve the right to update this policy as required by law or for operational reasons. The latest version will
be posted in the App with an updated "Last Updated" date. Your continued use of the App after the changes
constitute your acceptance of the revised policy.
7. Contact Us
If you have questions, complaints or requests regarding this Privacy Policy or your personal data, you may
contact us:
- Email: servicetwofa@gmail.com
- Address: 111-205, 1st Floor, Building 17, Wulidian Nanli, Lugouqiao, Fengtai District,
China
We will respond to valid requests within the statutory time limits.