Privacy Policy

Last updated: December 25, 2025

Introduction

Easy Auth ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our TOTP authenticator service.

Information We Collect

Account Information

When you sign in using OAuth (Google or GitHub), we receive:

  • Your email address
  • Your display name
  • Your profile picture URL
  • A unique identifier from the OAuth provider

We do not receive or store your OAuth provider password.

TOTP Data

Your TOTP secrets are encrypted on your device before being sent to our servers. We store:

  • Encrypted TOTP data (we cannot decrypt this)
  • Encryption salt (used to derive your key)
  • Encrypted key verifier (to confirm correct password)

Important: We use zero-knowledge encryption. Your encryption password never leaves your device, and we cannot access your plaintext TOTP secrets.

How We Use Your Information

We use the collected information to:

  • Authenticate you and provide access to your account
  • Store and sync your encrypted TOTP data across devices
  • Maintain and improve our service
  • Respond to support requests

Data Storage and Security

Your data is stored on AWS DynamoDB in the US East region. We implement industry-standard security measures including:

  • HTTPS encryption for all data in transit
  • AES-256-GCM encryption for your TOTP secrets
  • PBKDF2 with 600,000 iterations for key derivation
  • Secure session management with JWT tokens

Data Sharing

We do not sell, trade, or otherwise transfer your information to third parties. We may share data only:

  • With service providers who assist in operating our service (AWS)
  • When required by law or to protect our rights

Data Retention

We retain your data for as long as your account is active. You can request deletion of your account and all associated data at any time by contacting us.

Your Rights

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data

Cookies

We use essential cookies only for authentication and session management. We do not use tracking cookies or third-party analytics.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy, please contact us or email caprichano@gmail.com