Privacy Policy

How Authenticator 2FA handles information on your device and when you contact us.

Last updated:

Mobile Secure ("we," "our," or "us") built Authenticator 2FA (the "App") as a security-focused, offline-first tool. This policy explains what data exists in the product, what we may receive if you email us, and how Apple’s platform may process information independently of us.

Summary. The App is designed so your TOTP secrets and related vault data stay on your device under your control (for example, in the iOS Keychain). The App does not send your secrets to servers we operate for sync or analytics.

1. Data stored on your device

Depending on how you use the App, data on your device may include:

TOTP secrets and account metadata (issuer, account label, algorithm, period, digits, vault grouping, pins, and similar fields)
Security settings such as PIN preferences, auto-lock timing, and policy toggles you enable
Local logs or audit entries the App keeps for security visibility (stored on-device)
Encrypted backup or export files you explicitly create; these files are under your control once saved or shared

You choose whether to use features like QR scanning, encrypted import/export, or device-to-device transfer. Those flows operate with the data you provide; you should only scan or import secrets you trust.

2. Data we collect from the App

We do not operate a user account system inside the App for authentication to our servers. The App is not designed to upload your vault contents or generated codes to us.

If a future version introduces optional network features, this policy will be updated to describe them clearly before they apply to you.

3. Apple and your device

Apple provides the operating system, App Store, and platform services. Apple may process data according to its own policies, for example:

Purchase and subscription records tied to your Apple ID
Device backups, iCloud, or iCloud Keychain if you enable them
Crash diagnostics or analytics if you opt in at the OS level

We do not control Apple’s systems. Review Apple’s privacy materials and your device settings for those choices.

4. When you contact us

If you email mobilesecure.feedback@gmail.com, we receive the information you include (for example, your address, message text, and attachments). We use that information only to respond and improve the product, and we do not sell your email address.

5. Legal requests

Because we do not host your secrets, we generally cannot access or produce your on-device TOTP data. We may disclose limited information if required by law, such as basic correspondence metadata related to a support request.

6. Retention

Email support threads are retained only as long as needed to operate support and meet legal obligations. Data on your device remains until you delete it or remove the App, subject to how your device handles app data and backups.

7. Security

No method of storage is perfect. You should keep your device updated, use a strong device passcode, and enable biometrics where appropriate. Follow service providers’ guidance on recovery codes and backup strategies.

8. Children

The App is not directed to children under 13. If you believe a child has contacted us with personal information, email us and we will take appropriate steps.

9. International users

If you contact us from outside your home region, your message may be processed where we or our email provider operate. We aim to handle personal data consistent with this policy and applicable law.

10. Changes

We may update this Privacy Policy. The "Last updated" date will change when we do. Material changes will be described here; for App Store listings, we will align descriptions with the product behavior.

11. Contact

Privacy questions: mobilesecure.feedback@gmail.com