Privacy Policy

OtpVault — Secure 2FA Authenticator

Last updated: June 2026

Information We Collect

When you create an account, we collect your email address and an encrypted version of your vault. The encryption key is derived from your password on your device and never sent to our servers. We do not collect any personal information beyond what is necessary to provide the service.

How We Use Your Information

Your email is used solely for authentication and to associate your encrypted vault with your account. Your encrypted vault data is stored on our servers solely for the purpose of cloud backup and restoration across your devices.

Data Storage and Security

All vault data is encrypted end-to-end using AES-256-GCM before leaving your device. The encryption key is derived from your password using Argon2id and never transmitted. We have no ability to access your vault contents.

Data Sharing

We do not sell, trade, or share your personal information with third parties. Encrypted vault data may be stored on Supabase infrastructure for cloud backup functionality.

Your Rights

You may delete your account and all associated data at any time. Contact us to request data deletion. You can export your vault data at any time from the app settings.

Changes to This Policy

We may update this Privacy Policy from time to time. Users will be notified of material changes through the app.

Contact

If you have questions about this Privacy Policy, please open an issue on our GitHub repository.