Privacy Policy

Effective Date: January 1, 2025

Last Updated: January 1, 2025

Introduction

At UnderJoy Authenticator, your privacy is our highest priority. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our multi-factor authentication (MFA) and two-factor authentication (2FA) services across our Android, Windows, iPhone (coming soon), and Web applications.

We are committed to maintaining the confidentiality and security of your information. This policy has been crafted to comply with applicable data protection regulations and to provide you with complete transparency about our data practices.

Information We Collect

Account Information

When you create an account with UnderJoy Authenticator, we collect and store the following information:

• Email Address: We collect your email address to manage your sign-in process, enable account verification, facilitate password recovery, and send important service-related notifications.
• Name: We collect your full name to personalize your experience within the app and display it in your user profile for better identification and user experience.
• Authentication Method: We use Google Authentication as our primary authentication provider. Your password is never stored on our servers as authentication is managed entirely by Google's secure infrastructure.

Authenticator Data

For each authentication client you add to UnderJoy Authenticator, we securely store:

• Provider Name: The name of the service or application (e.g., "Google", "Microsoft", "GitHub") for easy identification and organization in your authenticator list.
• Login Name/Account Identifier: The username, email, or account identifier associated with each authentication client for your visual reference and convenience.
• Secret Key (Encrypted): The TOTP secret key required to generate authentication codes. This is stored in encrypted form using industry-standard encryption protocols to ensure maximum security.

How We Use Your Information

We use the collected information solely for the following purposes:

• Service Delivery: To provide you with multi-factor authentication services and generate time-based one-time passwords (TOTP) for your accounts.
• Account Management: To manage your user account, verify your identity, and enable secure access to our services across multiple devices.
• Synchronization: To synchronize your authentication clients across all your devices (Android, Windows, iPhone, and Web) for a seamless multi-device experience.
• Service Improvement: To improve our application's functionality, user experience, and security features based on anonymized usage patterns.
• Communication: To send you important service updates, security alerts, and respond to your support requests.

Data Security and Protection

We take the security of your data extremely seriously and implement multiple layers of protection:

• End-to-End Encryption: Your authentication data is encrypted both in transit and at rest using military-grade encryption standards.
• Secure Authentication: We leverage Google Authentication's robust security infrastructure to protect your account credentials.
• No Third-Party APIs: We do not use any third-party APIs or services that could compromise your data. All authentication code generation happens locally on your device.
• Secure Storage: All data is stored on secure servers with restricted access, regular security audits, and automated backup systems.
• Local Processing: TOTP codes are generated locally on your device, ensuring that your secret keys are never transmitted unnecessarily.

Data Retention and Deletion

• Account Data: Your account information (email and name) is retained as long as your account remains active.
• Authenticator Data: When you delete an authenticator card from your app, all associated data (provider name, login name, and encrypted secret key) is permanently and irreversibly removed from our database immediately.
• Account Deletion: You have the right to delete your entire account at any time through the app settings. Upon account deletion, all your data, including all authenticator clients, will be permanently removed from our systems within 30 days.
• Backup Data: Backup copies are automatically deleted within 90 days after account deletion.

Usage Limits and Fair Use

• Unlimited Authenticators: You can add and use as many Multi-Factor Authentication (MFA) clients as you need. There are no artificial limits on the number of authentication clients you can manage.
• Service Purpose: We collect and use your information solely for providing authentication services. Your data is never used for advertising, marketing to third parties, or any purpose beyond delivering our core service.
• No Data Mining: We do not analyze your authentication patterns, usage behavior, or personal data for commercial purposes.

Data Sharing and Third Parties

We are committed to keeping your data private and secure:

• No Data Selling: We do not sell, rent, trade, or otherwise share your personal information with any third parties for commercial purposes. Ever.
• No Marketing Lists: Your email address will never be added to third-party marketing lists or shared with advertisers.
• No Analytics Tracking: We do not use third-party analytics services that track your behavior across different websites or applications.
• Limited Exceptions: We may only share your information in the following extremely limited circumstances:
  • When required by law, court order, or legal process
  • To protect our rights, property, or safety, or that of our users
  • In the event of a business transfer, merger, or acquisition (with prior notice to you)

Your Rights and Control

You have complete control over your data:

• Access: You can view all your stored authentication clients and account information within the app at any time.
• Modification: You can edit or update your account information and authenticator details whenever needed.
• Deletion: You can delete individual authenticator cards or your entire account at any time without requiring our approval.
• Export: You can export your authentication data for backup or migration purposes.
• Portability: Your data is yours. You can request a copy of your data in a standard, machine-readable format.

Offline Functionality

One of our key features is offline functionality:

• Once you've logged in and synchronized your data, the app can generate authentication codes even without an internet connection.
• Your encrypted data is cached securely on your device to enable offline access.
• No data is transmitted to our servers when you're using the app offline.
• However, you must have an internet connection to initially log in, sync new authenticators, or update account information.

Children's Privacy

UnderJoy Authenticator is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take immediate steps to delete such information from our systems.

International Data Transfers

Your data is primarily stored on secure servers located in India. If you access our services from outside India, please be aware that your information may be transferred to, stored, and processed in India. By using UnderJoy Authenticator, you consent to the transfer of your information to India and its processing in accordance with this Privacy Policy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes to this policy:

• We will update the "Last Updated" date at the top of this page
• We will notify you via email or through an in-app notification
• We will provide you with a summary of the key changes
• Your continued use of the service after the changes take effect constitutes acceptance of the updated policy

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: dipzstudio@gmail.com
• Company: DipZ Enterprise
• Location: Pune, Maharashtra, India
• Feedback: You can also submit feedback through our feedback page

Transparency and Trust

At UnderJoy Authenticator, transparency is fundamental to our relationship with you. We believe you have the right to know exactly how your data is handled. This Privacy Policy represents our commitment to maintaining your trust by being completely transparent about our data practices.

What's yours stays yours. We are dedicated to protecting your privacy and ensuring that your authentication data remains secure, private, and under your control at all times.

Thank you for trusting UnderJoy Authenticator with your digital security.