Effective Date: 23 March 2026
AuthLock is committed to protecting your privacy and securing your sensitive information. This Privacy Policy explains how your data is collected, stored, and used.
No analytics or tracking: AuthLock does not collect any telemetry, usage statistics, or personal data for analytics purposes.
Local storage: All your TOTP codes and account information are stored locally on your device. AuthLock does not send your secrets to any server.
Optional cloud backup: If you choose to back up your codes to Google Drive, the backup is fully encrypted end-to-end before leaving your device.
Encryption at rest: All TOTP secrets are encrypted using AES-256-GCM with a unique IV per account.
User Master Key (UMK): Generated once on first launch, stored securely in Android Keystore or iOS Keychain.
PIN & biometric lock: Your app access can be protected by a PIN or device biometric (fingerprint / Face ID).
Cloud backup security: Backups are encrypted locally using a key derived from the UMK via HKDF. Google Drive stores only the encrypted blob in the AppData folder. Only a device with your UMK can decrypt it.
No third-party sharing: Your secrets are never shared with third parties.
Google Drive: The only third-party service used is Google Drive, strictly for encrypted backup storage. Google cannot access or read your secrets.
You may request information about what data is stored locally on your device.
You may delete your accounts or backups at any time.
Any cloud backup stored on Google Drive can be deleted by removing the app data via Google Drive or from within AuthLock.
For privacy-related questions or support:
Email: shon.analyst@gmail.com
Cloud backup is optional. The app works entirely offline.