Authenticator – User Agreement
Privacy Policy
Effective Date: April 17, 2024 | Last Updated: March 5, 2026
This Privacy Policy explains how Beijing Haohai Xincheng Technology Co., Ltd. ("we", "us", "our") collects, uses,
stores and protects your information when you use the Authenticator Pro mobile application ("the App"). This
version is fully compliant with applicable U.S. privacy laws, including CCPA/CPRA, COPPA, FTC privacy guidelines
and the Apple App Store Review Guidelines.
Important Notice: The App uses a local‑first, decentralised architecture. Your core
verification data (including but not limited to secret keys, one‑time passcodes and account names) is stored
only on your device or in your personal iCloud account. We do not upload, access or process this core data on
our own servers.
Please read this policy carefully before using the App. By continuing to use the App, you confirm you have read
and understood this policy.
1. Information We Collect and Use
We process information only in line with the principles of lawfulness, fairness, and necessity.
1.1 Core Functional Data (On‑Device Only)
- 2FA account credentials & codes: All two‑factor authentication data you add remains on
your device or in your personal iCloud storage. We have no access to this data.
- App lock & biometric data: Face ID/Touch ID verification is processed locally by iOS.
We do not collect or store biometric information.
1.2 System Permissions
We may request the following permissions to deliver features. You may withdraw or change permissions at any time
in your device settings:
- Camera: for scanning QR codes to add 2FA accounts
- Photos: for reading QR codes from selected images only
- Network: for iCloud sync, time synchronisation and analytics
- Notifications: for service and subscription updates
1.3 Non‑Identifiable Data
To improve stability and user experience, we collect de‑identified, non‑personal data such as device model, OS
version, crash logs and general region. This data cannot be used to identify you as an individual.
2. Third‑Party SDKs
We only use third‑party software development kits (SDKs) that are necessary for the App's core functions. All
partners are subject to security and data protection review.
- Firebase Crashlytics (Google)
- Purpose of processing: Collect app crash logs and technical error reports to fix bugs and improve
app stability.
- Categories of data processed: De‑identified UUID, crash stack details, device model, operating
system version.
- Third‑party privacy policy: https://policies.google.com/privacy
- Umeng+ Analytics SDK
- Purpose of processing: Collect anonymised usage statistics to analyse user behaviour and improve
product experience.
- Categories of data processed: De‑identified device information, network status, non‑precise
geographic data (no personally identifiable data).
- Third‑party privacy policy: https://www.umeng.com/policy
3. Data Storage and Cross‑Border Transfers
- Storage: Your core 2FA data is stored locally on your device or in your personal iCloud
(controlled by Apple's privacy framework). Analytics data may be stored on third‑party servers.
- Cross‑border transfers: As the App is distributed globally, de‑identified analytics data
may be transferred to servers outside the United States. We use encryption and comply with applicable U.S.
data protection requirements.
4. Your Privacy Rights (U.S. Consumers)
If you are a consumer located in the United States, you have the following rights under applicable U.S. privacy
laws:
- Right to Know: Request details of the personal information we process about you.
- Right to Delete: Request deletion of personal information we hold (excluding data stored
only on your device/iCloud, which we cannot access).
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt Out of Sale/Sharing: We do NOT sell or share your personal information.
- Right to Non‑Discrimination: We will not discriminate against you for exercising your
privacy rights.
5. Children's Privacy (COPPA)
The App is not intended for children under the age of 13. We do not knowingly collect personal information from
children under 13. If we become aware that we have collected data from a child under 13, we will delete it
immediately.
6. Changes to This Privacy Policy
We reserve the right to update this policy as required by law or for operational reasons. The latest version will
be posted in the App with an updated "Last Updated" date. Your continued use of the App after the changes
constitute your acceptance of the revised policy.
7. Contact Us
If you have questions, complaints or requests regarding this Privacy Policy or your personal data, you may
contact us:
- Email: servicetwofa@gmail.com
- Address: 111-205, 1st Floor, Building 17, Wulidian Nanli, Lugouqiao, Fengtai District,
China
We will respond to valid requests within the statutory time limits.