Privacy policy

This privacy policy is applicable to the Open Authenticator app (hereinafter referred to as Application) for mobile devices, which was developed by Skyost (hereinafter referred to as Service Provider) as a subscription supported service. This service is provided AS IS.

User Provided Information

The Application acquires the information you supply when you download and register the Application. Registration with the Service Provider is not mandatory. However, bear in mind that you might not be able to utilize some of the features offered by the Application unless you register with them. The Service Provider may also use the information you provided them to contact you from time to time to provide you with important information, required notices, and marketing promotions.

Automatically Collected Information

In addition, the Application may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device`s unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browsers you use, and information about the way you use the Application. This data collection is needed in order to better understand crash logs.

Does the Application collect precise real-time location information of the device ?

This Application does not gather precise information about the location of your mobile device.

Do third parties see and/or have access to information obtained by the Application ?

Only aggregated, anonymized data is periodically transmitted to external services to aid the Service Provider in improving the Application and their service. The Service Provider may share your information with third parties in the ways that are described in this privacy statement.

Third-Party Providers

Please note that the Application utilizes third-party services that have their own Privacy Policy about handling data. Below are the links to the Privacy Policy of the third-party service providers used by the Application :

• Google Play Services
• Firebase (including but not limited to Crashlytics, Cloud Firestore, ...)
• RevenueCat

Please note that the Application utilizes third-party services that have their own Privacy Policy about handling data. Below are the links to the Privacy Policy of the third-party service providers used by the Application :

Disclosure of Information

The Service Provider may disclose User Provided and Automatically Collected Information :

• as required by law, such as to comply with a subpoena, or similar legal process;
• when they believe in good faith that disclosure is necessary to protect their rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
• with their trusted services providers who work on their behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this privacy statement.

What are my opt-out rights?

You can halt all collection of information by the Application easily by uninstalling the Application. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network.

Data Retention Policy, Managing Your Information

The Service Provider will retain User Provided data for as long as you use the Application and for a reasonable time thereafter. The Service Provider will retain Automatically Collected information for up to 24 months and thereafter may store it in aggregate. If you'd like the Service Provider to delete User Provided Data that you have provided via the Application, please contact them and they will respond in a reasonable time. Please note that some or all of the User Provided Data may be required in order for the Application to function properly. Your master password is not transmitted to any remote server. If you forget it, we cannot help your recovering it. Please be aware that, although we endeavor provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.

Children

The Service Provider does not use the Application to knowingly solicit data from or market to children under the age of 13. The Application does not address anyone under the age of 13. The Service Provider does not knowingly collect personally identifiable information from children under 13 years of age.

Security

The Service Provider is concerned about safeguarding the confidentiality of your information. The Service Provider provides physical, electronic, and procedural safeguards to protect information we process and maintain. For example, if you choose to synchronize your data between your devices, we use Firebase Cloud Firestore to store your TOTPs. Their secret & metadata are encrypted using an AES-GCM algorithm with an Argon2 derived key based on your master password and a random salt.

Changes

This Privacy Policy may be updated from time to time for any reason. The Service Provider will notify you of any changes to the Privacy Policy by updating this page with the new Privacy Policy.

This privacy policy is effective as of 2024-04-01.

Contact Us

If you have any questions regarding privacy while using the Application, or have questions about the practices, please contact the Service Provider.