Privacy Policy

Two-Factor Authenticator · Last updated: June 2, 2026

Generate secure two-factor authentication codes. This policy explains what data Two-Factor Authenticator does and doesn't handle.

Summary

Your two-factor account keys are stored only on your device, encrypted, and are never transmitted to us or anyone else. We collect limited diagnostic data to keep the app reliable, and we show ads through Google AdMob.

Information processed on your device

• Your 2FA account keys are stored only on your device, in encrypted form. They are never uploaded, synced, or shared — only you can see your codes.
• Camera — used to scan setup QR codes when you add an account. Frames are processed on-device and never uploaded.
• Biometric / PIN unlock — handled entirely by your device's secure hardware; we never receive your fingerprint, face, or PIN.
• Backups & exports are local files that you create and control.

Information we collect

To keep Two-Factor Authenticator reliable we collect a limited amount of data through Google Firebase. It is used in aggregate to fix bugs and improve the app, and is not used to personally identify you:

• Crash diagnostics — via Firebase Crashlytics, to detect and fix problems.
• Anonymous usage analytics — via Firebase Analytics. This never includes your accounts, secret keys, or generated codes.

Time sync — the app may contact a public time server (NTP) to generate accurate time-based codes. No personal data is sent.

Advertising (Google AdMob)

Two-Factor Authenticator shows ads via Google AdMob. To serve ads, Google may collect and process device identifiers (including the advertising ID), IP address, and ad-interaction data, as described in How Google uses information from sites or apps that use our services and the Google Privacy Policy.

Your choices & consent

• In the EEA, UK, and Switzerland we request consent for personalized ads through Google's certified consent flow (UMP) on first launch.
• You can reset your advertising ID or opt out of ad personalization in your device settings.

In-app purchases

Two-Factor Authenticator may offer optional in-app purchases (for example, to support development). Payments are handled entirely by the Apple App Store or Google Play; we never receive or store your payment details.

Third-party services

• Google Firebase (Crashlytics, Analytics, and related services) — Firebase privacy & security
• Google AdMob — Google Privacy Policy
• Apple App Store / Google Play — payment processing for in-app purchases

Children

Two-Factor Authenticator is a general-audience app and is not directed to children under 13. We do not knowingly collect data from children.

Data security & retention

Data stored on your device is protected by your device's own security and is removed when you delete it or uninstall the app. Diagnostic and analytics data is retained by Google/Firebase according to their policies.

Changes

We may update this policy; material changes are reflected by the "Last updated" date above.

Contact

Questions? Email hoangduykhanh21@gmail.com.