Privacy Policy for AuthGuard 2FA

Effective Date: July 2025

Developer: PixelForge Apps

Contact: apps@pixelforge-apps.com

Website: https://pixelforge-apps.com

1. OVERVIEW

AuthGuard 2FA is a security application that generates Time-based One-Time Passwords (TOTP) for two-factor authentication. We are committed to protecting your privacy and data.

2. DATA COLLECTION

We DO NOT collect any personal data:

- No account registration required

- No personal information collected

- No usage analytics or tracking

- No data sent to external servers

- No user profiling or behavioral tracking

3. DATA STORAGE

All data is stored locally on your device:

- 2FA accounts and secrets are encrypted using Android Keystore

- Data never leaves your device unless you explicitly export it

- No cloud backups or automatic synchronization

- No third-party data sharing

- All sensitive information remains on your device only

Backup and Export Feature

- Optional encrypted backup export available for your convenience

- You control the export: Manual action required, never automatic

- Password-protected: Backup files are encrypted with your chosen password

- Local file only: Exported backup is saved to your device's file system

- Your responsibility: You decide where to store the backup file (cloud, computer, etc.)

- No data transmission: The app itself never sends backup data anywhere

4. PERMISSIONS USED

Camera Permission

- Purpose: Used only for scanning QR codes to add new 2FA accounts

- Usage: Camera access is only when you explicitly scan QR codes

- Data: No photos or videos are stored or transmitted

- Control: You can deny this permission, but QR scanning won't work

Vibration Permission

- Purpose: Used for haptic feedback during interactions

- Usage: Enhances user experience with tactile responses

- Data: No data collected or transmitted

Internet Permission

- Purpose: Used only to display Privacy Policy and support documentation

- Usage: Opens web pages within the app (WebView)

- Data: No personal data transmitted

- Websites: Only connects to pixelforge-apps.com for policy/support content

- Control: Internet is not required for core 2FA functionality

5. DATA SECURITY

- All sensitive data encrypted using Android Keystore

- Hardware-backed security when available (TEE/StrongBox)

- No data transmission to external servers

- Local-only storage with device-level protection

- Encryption keys managed by Android system

Backup File Security

- AES-256-GCM encryption for all backup files

- PBKDF2 key derivation with 100,000 iterations for password security

- Secure random salt and IV generation for each backup

- Industry-standard encryption comparable to enterprise security solutions

- Password-only access: Backup files are useless without your password

6. DATA RETENTION

- Data persists only on your device

- Uninstalling the app permanently deletes all data

- No data recovery possible after uninstallation unless you have created a backup

- No backups stored on external servers by the app

- Backup files you create are retained based on your storage choices

- Backup file responsibility: You control where and how long backup files are stored

7. THIRD-PARTY SERVICES

- No third-party analytics or tracking services

- No advertisements or data monetization

- No external API calls for 2FA functionality

- No data sharing with third parties

- No social media integration

8. NETWORK USAGE

- Internet connection used only for:

 - Displaying Privacy Policy (this document)

 - Accessing support documentation

 - No data collection or transmission during these activities

9. CHILDREN'S PRIVACY (COPPA)

- This app does not collect any personal information from users of any age

- No age verification required

- Safe for all users including children under 13

10. INTERNATIONAL USERS (GDPR)

For users in the European Union:

- No personal data is processed

- No cookies or tracking technologies used

- No data subject rights needed (no data collected)

- No data protection officer required (no data processing)

11. CALIFORNIA RESIDENTS (CCPA)

- No personal information collected or sold

- No consumer rights requests needed

- No opt-out mechanisms required (no data collection)

12. OPEN SOURCE COMPONENTS

This app may use open source libraries:

- All components respect user privacy

- No telemetry or data collection by dependencies

- Libraries used only for core functionality (encryption, UI, QR scanning)

13. CHANGES TO PRIVACY POLICY

- Any changes will be posted at: http://pixelforge-apps.com/app/authguard-2fa/privacy-policy

- Users will be notified of significant changes through app updates

- Continued use implies acceptance of policy changes

14. CONTACT INFORMATION

For questions or concerns about this Privacy Policy:

- Email: apps@pixelforge-apps.com

- Website: https://pixelforge-apps.com

- Developer: PixelForge Apps

15. LEGAL BASIS (EU Users)

- Legitimate Interest: Providing 2FA security functionality

- No Consent Required: No personal data processing

- Data Minimization: Only necessary permissions requested

16. SECURITY INCIDENT REPORTING

- In the unlikely event of a security issue affecting user data

- Users will be notified through app updates or website notices

- Contact apps@pixelforge-apps.com for security concerns

Last Updated: July 2025

Your privacy is our priority. This app is designed to keep your 2FA codes secure and private, with all data remaining on your device.

Quick Summary:

✅ **No data collection**

✅ **No internet required for 2FA**

✅ **Local storage only**

✅ **Encrypted security (AES-256)**

✅ **Optional encrypted backup export**

✅ **No tracking or analytics**

✅ **No third-party sharing**

✅ **You control your backup files**