Effective Date
January 2, 2026

Privacy Policy

1. Introduction

This Privacy Policy explains how the Authenticator Application handles information about you. By using the app, you agree to the practices described in this policy.

2. Data Controller

The data controller responsible for processing your personal data is Zoumite Franck Armel Mamboue, operating from Ontario, Canada. For any questions or concerns about this Privacy Policy or the processing of your personal data, please contact us at hello@iosstud.io.

If you are located in Canada and have concerns about our handling of your personal information, you may also contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca or by phone at 1-800-282-1376.

3. Information We Collect

3.1 Log Data

The Authenticator Application collects log data to monitor app performance and diagnose issues. This may include technical information such as error reports, usage events, or system diagnostics. Logs are collected and stored using Google App Engine, a third-party service.

3.2 Personal Data Collection

The app may process your email address and 2FA code from your scanned 2FA QR code. This data is stored and encrypted in Keychain locally on your device. The data may be shared with your other devices that are using the same Apple ID. Your data is not seen by us and is not shared with any third parties.

4. How We Use Information

4.1 Purpose of Data Collection

We use log anonymized data solely to improve the performance, stability, and functionality of the Authenticator Application. This excludes personal data like your email address. The collected data helps us ensure a reliable user experience.

4.2 Lawful Bases for Processing

We process your personal data based on the following lawful bases under applicable data protection laws:

• Performance of a contract: We process data necessary to provide you with the Authenticator Application and its features, including the processing of 2FA tokens and account information.
• Legitimate interests: We process anonymized log data and analytics data to improve our app's performance, stability, and functionality. This processing is necessary for our legitimate interest in maintaining and improving our service.
• Consent: Where applicable, we may process certain data based on your explicit consent, which you can withdraw at any time.

5. Third-Party Services

5.1 RevenueCat

In addition, RevenueCat is used for anonymized purchase tracking. This means that when someone makes a purchase in the app, we see that a purchase was made at a particular time in a particular country; no other data is collected like your email address, and so this purchase data cannot be linked to a user’s identity. For more information on how RevenueCat handles data, please review their privacy policy at RevenueCat’s Privacy Policy.

5.2 Google App Engine

The Authenticator Application uses Google App Engine, operated by Google Inc., to store anonymized activity log data. This data is used to improve the app’s functionality. For more information on how Google App Engine handles data, please review their privacy practices at Google’s Privacy Policy.

5.3 Bugsnag

The Authenticator Application uses Bugsnag to collect anonymized crash and error data. This data is used to improve the performance, stability of the Application. For more information on how Bugsnag handles data, please review their privacy practices at Bugsnag’s Privacy Policy.

5.4 Firebase Analytics

We may use Firebase Analytics for analytics purposes. This service allows us to understand the effectiveness of our app and to gain insights into user interactions related to the app. The data collected may include non-personally identifiable information about app installs or specific in-app events. The processing of this data is governed by Google’s policies. For more details, please refer to:

• Firebase Privacy and Security
• Google Privacy Policy

5.5 HaveIBeenPwned.com

We use HaveIBeenPwned.com, operated by Superlative Enterprises Pty Ltd, for monitoring of data breaches of users' personal data as a feature of the Service. For more information on how HaveIBeenPwned handles data, please review their privacy practices at HaveIBeenPwned Privacy Policy.

6. Data Security

6.1 Our Commitment

We are committed to maintaining the security and integrity of log data collected through the app. We use HTTPS to securely transmit log data to Google App Engine, and we employ industry-standard security measures to protect this data during storage. Documents created in the app remain stored locally on your device and are not transmitted to us.

7. Data Retention

We retain anonymized log data and analytics data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Anonymized data may be retained indefinitely for analytical purposes. Personal data processed locally on your device (such as email addresses and 2FA tokens stored in Keychain) remains on your device and is subject to your device's data management settings.

8. International Data Transfers

Your data may be transferred to and processed in countries outside of your country of residence, including the United States, where our third-party service providers (such as Google App Engine, Firebase, Bugsnag, and RevenueCat) operate. These countries may have data protection laws that differ from those in your country.

When we transfer your data internationally, we ensure appropriate safeguards are in place to protect your personal data. These safeguards include:

• Standard Contractual Clauses approved by the European Commission for transfers from the European Economic Area (EEA) to third countries
• Adequacy decisions by the European Commission recognizing that certain countries provide an adequate level of data protection
• Other appropriate safeguards as required by applicable data protection laws

By using the Authenticator Application, you consent to the transfer of your data to these countries and the processing of your data as described in this Privacy Policy.

9. User Rights

9.1 Your Rights

Depending on your location, you may have certain rights regarding your personal data. These rights may include:

• Right to access: You have the right to request information about the personal data we hold about you and how it is processed.
• Right to rectification: You can request that we correct any inaccurate or incomplete personal data.
• Right to erasure: You can request that we delete your personal data, subject to certain exceptions where we may need to retain data for legal or legitimate business purposes.
• Right to restrict processing: You may request that we limit how we process your personal data in certain circumstances.
• Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to object: You may object to certain types of processing of your personal data, particularly processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw that consent at any time.
• Right to lodge a complaint: You have the right to file a complaint with your local data protection authority if you believe we have not addressed your concerns.

9.2 Exercising Your Rights

To exercise any of these rights, please contact us at hello@iosstud.io. We will respond to your request within a reasonable timeframe and in accordance with applicable data protection laws.

Please note that since most personal data (such as email addresses and 2FA tokens) is stored locally on your device and not collected by us, you have direct control over this data through your device settings. Anonymized log data cannot be linked to your identity and therefore cannot be subject to individual data subject requests.

10. Changes to This Privacy Policy

10.1 Updates

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on the app. We advise you to review this Privacy Policy periodically for any changes.

11. Contact Information

For any questions or concerns about this Privacy Policy or the practices of this app, please contact us via email at hello@iosstud.io.

Thank you for using Authenticator. Your privacy is important to us.