Privacy Policy

2Fatool — iOS app (app.tools.2fa)

2Fatool is a two-factor authentication code generator for iOS. It generates TOTP and HOTP codes entirely on your device. Your secrets never leave the device. This policy explains what the app stores, what diagnostic data it sends, and why.

Apple App Privacy label summary

  • Data Used to Track You: None. The app does not use the Advertising Identifier (IDFA), does not include ad networks, and does not share data with third parties for their own marketing.
  • Data Linked to You: None. We do not set a User ID and do not collect name, email, phone number, or any identifier you provide.
  • Data Not Linked to You: Usage Data (product interaction), Diagnostics (crash data, performance data, other diagnostic data), and Identifiers (Firebase installation ID / App Instance ID — a pseudonymous identifier that is not the IDFA), collected via Google Analytics for Firebase and Firebase Crashlytics.

What the app stores on your device

  • TOTP/HOTP secrets — stored in the iOS Keychain with kSecAttrAccessibleWhenUnlockedThisDeviceOnly. They are device-only, cannot be extracted, and are excluded from iCloud and iTunes/Finder backups.
  • Account metadata (service name, account label, algorithm, period, digit count, icon, display order) — stored locally via SwiftData.
  • Widget cache — pre-computed code strings used to render the home-screen widget and Lock Screen Live Activity. Written to an App Group UserDefaults container (group.app.tools.2fa). Contains current codes only — never secrets.

Optional iCloud sync (your iCloud only)

If you have iCloud enabled on your device, SwiftData syncs account metadata only to your private CloudKit container (iCloud.app.tools.2fa). This allows your account list to appear on your other Apple devices signed in to the same Apple ID.

Secrets are never synced. The Keychain accessibility attribute we use prevents them from leaving the device where they were added.

You control this sync in iOS Settings → Apple ID → iCloud → Apps Using iCloud → 2Fatool.

Camera access

The camera is used only to scan otpauth:// QR codes when you add a new account. Frames are processed on-device using AVFoundation and the Vision framework to extract the QR payload, and are then discarded. Nothing from the camera is transmitted or stored. Camera access is triggered only by your explicit action.

Clipboard

Tapping a code copies it to the system clipboard so you can paste it into the service you are signing in to. The app only writes to the clipboard; it never reads it.

Analytics and crash reporting (Google Analytics for Firebase)

The app uses Google Analytics for Firebase and Firebase Crashlytics to understand aggregate usage and to fix crashes. Both are initialized by FirebaseApp.configure() at launch.

What these services collect:

  • Automatically-logged events from Firebase Analytics (for example first_open, session_start, app_update, screen_view).
  • Device and app information — device model, operating system version, app version, language, coarse region (derived from the IP address, which Google discards after derivation).
  • Firebase installation ID / App Instance ID — a pseudonymous identifier generated on your device and reset when you reinstall the app. This is not the iOS Advertising Identifier (IDFA); the app does not request IDFA and does not show the App Tracking Transparency prompt.
  • Crash reports from Firebase Crashlytics when the app crashes — stack traces, device model, OS version, app version, and a session identifier. The crash report does not include any account names, TOTP secrets, or codes.

We do not log custom events that describe your 2FA accounts and we do not set a User ID. The data is aggregated by Google on its Firebase servers under Google's privacy policy (firebase.google.com/support/privacy, policies.google.com/privacy).

The app does not include any other analytics, attribution, or advertising SDK (no Sentry, Adjust, AppsFlyer, Mixpanel, Amplitude, AppLovin, IronSource, Unity Ads, AdMob, or similar).

What the app does not do

  • No account creation, login, or Sign in with Apple.
  • No in-app purchases or subscriptions.
  • No push notifications or local notifications.
  • No web views, no in-app browser, no in-app messaging.
  • No access to contacts, location, photo library, microphone, health, or motion data.
  • No advertising, no ad networks, no use of the iOS Advertising Identifier (IDFA).
  • No user-level profiling: no User ID is set in analytics, so events cannot be linked back to you personally.

Your privacy choices

  • Delete a single account entry: swipe-to-delete in the app. Its secret is removed from the Keychain and its metadata is removed from SwiftData (and from your iCloud on next sync).
  • Delete everything: delete 2Fatool from your device. The app's Keychain entries for the app group are removed on uninstall.
  • Disable iCloud sync: iOS Settings → Apple ID → iCloud → Apps Using iCloud → toggle 2Fatool off. To also purge the metadata already stored in your iCloud, sign in to iCloud.com → Manage Account Storage → 2Fatool, or disable and remove from iCloud.
  • Reset the Firebase installation identifier used for analytics: delete and reinstall the app — a new pseudonymous Firebase installation ID is generated, and future Analytics and Crashlytics events cannot be linked to those from the previous install.
  • Stop sending any analytics / crash data: delete the app. The app currently does not expose an in-app toggle for Analytics; if you want one, please let us know at the contact address below.

Data retention

On-device data (Keychain, SwiftData) lives until you delete the entry or uninstall the app. Firebase Analytics event data is retained by Google according to the project's Firebase Analytics retention setting (Google's default is 14 months). Crash reports in Firebase Crashlytics are retained for 90 days. Resetting your Firebase installation ID (by reinstalling the app) detaches future events from prior history.

Third-party services

  • Apple CloudKit — your private container, used for the optional iCloud sync of account metadata described above.
  • Google (Firebase) — receives the Analytics events and crash reports described in the section above, under Google's Firebase data-processing terms.

Children's privacy

2Fatool is not directed at children under 13. Because the app collects no personal data, there is no data collection that requires parental consent.

Changes to this policy

If we change this policy, we will publish the new version at this URL and update the effective date below. Material changes will be announced on the app's App Store page.

Contact

For privacy-related inquiries, contact us at [email protected].

Effective date: April 21, 2026