Back to home

Privacy Policy

How 2FA Authenticator handles local TOTP secrets and limited account-related data

2026/06/02

Introduction

This Privacy Policy explains how 2FA Authenticator handles information when you use the website.

The core function of this website is a TOTP generator that is designed to work locally in your browser. TOTP secrets you paste, scan from an otpauth:// QR code, or save in the workbench are processed in your browser and stored in your current browser storage. They are not sent to our server to generate codes.

Information We Handle

We may handle different categories of information depending on which parts of the website you use.

1. Local TOTP data

When you use the TOTP tool on this website, the following data may stay in your browser:

  • TOTP secrets you enter or import
  • App names, account labels, and remarks you save
  • TOTP settings contained in imported otpauth:// data, such as issuer, algorithm, digits, and period

This data is stored locally in your current browser so the tool can show and refresh codes for you.

2. Basic technical request data

Like most websites, our hosting and infrastructure may receive basic technical request data, such as:

  • IP address
  • Browser and device information
  • Request time and requested pages

We use this information for site delivery, security, troubleshooting, and abuse prevention.

3. Optional account, payment, and contact data

If you choose to use account, billing, newsletter, or contact features in addition to the TOTP tool, we may process information such as:

  • Name and email address
  • Authentication-related account data
  • Payment and billing records needed to complete purchases or manage plans
  • Messages you send to us

We use that information only to operate those optional features and related support workflows.

How We Use Information

We use information for the following limited purposes:

  • To provide the website and its TOTP tool
  • To save local TOTP entries in your browser when you choose to store them
  • To operate optional account, payment, and support features
  • To maintain security, prevent abuse, and diagnose technical problems
  • To comply with legal obligations when required

What We Do Not Do With TOTP Secrets

For the TOTP generator provided on this website, we do not use your TOTP secrets for profiling, advertising, or remote code generation.

Please note that if you manually submit a secret to us by email or through a support channel, that communication is outside the local-only browser flow and will be handled as part of that support request.

Data Storage and Retention

TOTP entries you save in the workbench are kept in your current browser storage until you edit, delete, or clear them yourself, or until your browser removes them.

Account, payment, newsletter, or support records may be retained on our systems for as long as needed to operate the service, keep required business records, resolve disputes, enforce agreements, or satisfy legal obligations.

Third-Party Services

We may rely on third-party providers for infrastructure and optional website features, such as authentication, payments, email delivery, storage, or security. Those providers only receive the data needed to perform their role.

The TOTP generator on this website is intended to generate codes locally in your browser rather than by sending secrets to our server.

Your Choices

You can control your use of the TOTP tool by:

  • Avoiding saving secrets you do not want stored in the current browser
  • Deleting saved local entries from the workbench
  • Clearing browser storage on your device

If you use optional account or newsletter features, you may also contact us to request account-related assistance.

Security

We take reasonable steps to protect server-side account and business data. However, no website or storage system can guarantee absolute security.

You are responsible for the security of your own device and browser profile. If someone gains access to the browser profile where you saved TOTP entries, they may be able to access those entries.

Changes to This Privacy Policy

We may update this Privacy Policy when the product or legal requirements change. The latest version will be posted on this page.

Contact Us

If you have questions about this Privacy Policy, email contact@2fa-auth.app.

Cookie PolicyPrivacy PolicyTerms of Service