Privacy Policy

Last Updated: May 19, 2025

INTRODUCTION

At SecureSonic, we believe security and privacy go hand in hand. This Privacy Policy explains how our Authenticator App collects, uses, and protects your information. Our multi-factor authentication app is designed with privacy-by-design principles to maximize security while minimizing data collection.

INFORMATION WE COLLECT

Information You Provide

  • Account Information: Email address and password hash (if you choose to create an account)
  • Device Information: Device name (optional and customizable)
  • Security Keys: Public key information for hardware security keys (if used)

Information Collected Automatically

  • Device Data: Operating system version, app version, device model
  • Usage Data: Authentication events (timestamps only, not the services you access)
  • Performance Data: App crashes, errors, and performance metrics

We DO NOT collect:

  • Biometric data (even when used for device-level authentication)
  • Passwords for your other accounts
  • Browsing history or services you authenticate to
  • Location data (unless explicitly enabled for risk-based authentication)
  • Content of communications

HOW WE USE YOUR INFORMATION

We use the information we collect to:

  • Provide and maintain the Authenticator App functionality
  • Process and complete authentication requests
  • Improve and optimize the app’s performance and security
  • Detect and prevent fraudulent activity and security incidents
  • Comply with legal obligations

DATA STORAGE AND SECURITY

  • Local Storage: Authentication tokens and seeds are stored securely on your device using industry-standard encryption
  • Cloud Backup (optional): If enabled, backup data is encrypted with your key before transmission
  • Data Retention: We retain account data until you delete your account, and automatically delete inactive accounts after 24 months

SHARING YOUR INFORMATION

We do not sell or rent your personal information to third parties. We may share limited data with:

  • Service Providers: Cloud hosting and analytics providers who help us deliver our service (all bound by data processing agreements)
  • Legal Requirements: When required by law, court order, or governmental regulation
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with commitments to continued privacy protections)

YOUR RIGHTS AND CHOICES

You have the right to:

  • Access, correct, or delete your personal information
  • Opt out of optional data collection features
  • Export your authentication seeds and tokens
  • Disable cloud backup features
  • Close your account and have your data deleted

CHANGES TO THIS POLICY

We may update this Privacy Policy as our services evolve. We will notify you of any material changes through the app or via email if you’ve provided one.

CONTACT US

If you have questions or concerns about this policy or our privacy practices, please contact us at:

ADDITIONAL INFORMATION FOR SPECIFIC JURISDICTIONS

European Users

Under GDPR, we process your data based on legitimate interests, consent, or contractual necessity. You have the right to lodge a complaint with your local data protection authority.

California Residents

Under CCPA/CPRA, you have specific rights regarding your personal information. We do not sell personal information as defined by California law.

Children’s Privacy

Our Authenticator App is not directed at children under 16. We do not knowingly collect personal information from children under 16.