Thank you for using
Authenticator App Vault+ (hereinafter the "app" or "our service"). This Privacy Policy is intended to explain how we collect, use, store, and protect your information. Please read this policy carefully before using the app.
🔔
Core Commitment: Your two-factor authentication keys (Secret Keys) are stored only locally on your device and are never uploaded to our servers. Account security is the first priority of our design.
01Information We Collect
1.1 Information You Provide
- Two-factor authentication account info: Descriptive information such as account names and issuer labels that you enter manually or add by scanning a QR code.
- Registration info (if applicable): If you choose to register an account to use the cloud backup feature, we will collect your email address and an encrypted password.
1.2 Information Collected Automatically
- Usage data: Anonymous statistics such as feature usage frequency, session duration, and crash reports, used to improve the product experience.
- Device info: Operating system version, device model, app version number, language, and region settings.
- Purchase info: Subscription status and purchase history (processed by the Apple App Store; we only obtain verification receipts and do not obtain payment card information).
1.3 Information We Do Not Collect (Important)
- Two-factor authentication keys (TOTP / HOTP Secret Keys)
- Generated one-time passwords (OTP)
- The passwords or credentials of your linked accounts
- Biometric data (Face ID / Touch ID processing is done entirely on-device)
02How We Use Information
We use the information collected for the following purposes:
- To provide, maintain, and continuously improve the core features of the app
- To process in-app purchases and subscription verification
- To send service notifications (such as subscription expiry reminders and security announcements)
- To analyze anonymous usage data to optimize the user experience
- To respond to your customer support requests
- To comply with applicable laws and regulations
🔔
We will not use your information for targeted advertising, nor will we sell it to any third party.
03Data Storage & Security
3.1 Local Storage
By default, your 2FA keys and account data are stored only locally on your device, encrypted and protected using the Apple Keychain and safeguarded by device-level hardware encryption.
3.2 Access Control
The app supports authentication via Face ID, Touch ID, or your device passcode to prevent unauthorized access. Biometric authentication is processed locally on your device, and we cannot access the related data.
3.3 Transmission Security
All network communications (including cloud sync and crash report uploads) are transmitted encrypted via TLS 1.3.
3.4 Data Retention
Local data is retained until you uninstall the app or actively delete your account. Anonymous usage data such as crash logs is retained on the server side for no more than 90 days.
04Information Sharing & Disclosure
We do not sell, rent, or trade your personal information. We may share it only in the following circumstances:
- Service providers: Trusted third parties that help us operate the service (such as cloud infrastructure and crash analytics), limited to what is necessary to complete specific tasks.
- Legal requirements: Lawful disclosure as compelled by a court order, legal process, or governmental authority.
- Business transfers: In the event of a merger, acquisition, or sale of assets, we will notify users in advance and ensure the information receives equivalent protection.
- Safety protection: Disclosing information when necessary to protect the safety of users, the public, or the app.
05Cloud Backup & SyncPro+ Feature
Pro+ subscribers may choose to enable the cloud backup feature. Notes:
- The cloud backup feature is off by default and must be actively enabled by the user.
- Once enabled, your 2FA account data is stored in the cloud using end-to-end encryption (E2EE), and our servers cannot decrypt or view its contents.
- The encryption key is derived from your account password; forgetting the password will render the cloud backup unrecoverable, so please keep it safe.
- iCloud backup (synced through the Apple ecosystem) is subject to Apple's Privacy Policy.
06Third-Party Services
This app may integrate the following third-party services:
- Apple App Store: Processes subscription purchases and payments; subject to Apple's Privacy Policy.
- Firebase Crashlytics (or similar): Collects anonymous crash reports to help us fix issues.
- RevenueCat (if applicable): A subscription management service that handles purchase verification.
We review the privacy practices of our partner service providers to ensure they meet reasonable data protection standards.
07Children's Privacy
This app is not intended for children under the age of 13 (under 16 in the EU). We do not knowingly collect children's personal information. If you discover that we have inadvertently collected a child's information, please contact us immediately and we will delete the relevant data as soon as possible.
08Your Rights & Choices
Depending on the laws of your region (including GDPR, CCPA, etc.), you may be entitled to the following rights:
- Right of access: Obtain a copy of the personal data we hold about you.
- Right to rectification: Update or correct inaccurate personal information.
- Right to erasure: Request deletion of your account and related data.
- Right to data portability: Export your data in a structured format.
- Withdrawal of consent: Turn off the collection of crash reports and analytics data at any time.
- Right to opt out of sale: We do not sell your data, so this right is inherently guaranteed.
To exercise the above rights, please contact us using the contact information at the end of this policy. We will respond to your request within 30 business days.
09Cross-Border Data Transfers
If you are located in the European Economic Area (EEA), the United Kingdom, or another region with data transfer restrictions, some of your data (such as crash reports) may be transferred to servers in other countries/regions for processing. We will ensure that such transfers comply with applicable legal requirements through Standard Contractual Clauses (SCCs) or other appropriate mechanisms.
10Changes to This Privacy Policy
We may update this Privacy Policy from time to time. In the event of material changes, we will notify you in the following ways:
- Sending an in-app notification
- Sending an email (for users with registered accounts)
- Updating the "Last Updated" date at the top of this page
Your continued use of the app constitutes acceptance of the updated Privacy Policy.
11Contact Us
If you have any questions, suggestions, or data requests regarding privacy, please contact us:
NEUXMIND (HK) LIMITED
shortymovie@outlook.com
We commit to acknowledging receipt of your request within 5 business days and providing a formal response within 30 business days.