Privacy Policy

Last updated: July 19, 2026

1. Introduction

Welcome to Auth Dammit. This Privacy Policy explains how we collect, use, and protect your information when you use our authenticator application. This policy is designed to comply with the General Data Protection Regulation (GDPR) and the Digital Personal Data Protection Act, 2023 (DPDPA).

2. Data Collection and Usage

Auth Dammit is designed to maximize your privacy while ensuring you do not lose access to your accounts. The core functionality of generating time-based one-time passwords (TOTP) is performed on your device.

3. Google API Data Usage

Auth Dammit uses Google Sign-In to securely identify users and sync their encrypted 2FA vaults across devices. We request access to your basic profile (name, email address, and profile picture) solely for identification and account recovery purposes.

Auth Dammit's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not sell your Google data to third parties, nor do we use it for advertising.

4. Your Rights (GDPR & DPDPA)

Under the GDPR and DPDPA, you have the right to:

5. Data Security

We implement robust security measures to protect your data. However, the ultimate security of your authenticator data relies on the security of your device. You are responsible for maintaining device security (e.g., using strong device passwords, avoiding compromised devices).

6. Disclaimer on Data Leaks

Crucial Notice: Auth Dammit provides a utility for managing authenticator codes. While we utilize secure cloud infrastructure (Firebase) to sync your data, you acknowledge that we do not have plaintext access to your secrets, nor can we prevent compromised accounts. In the event of a device compromise, malware infection, unauthorized physical access, account takeover (e.g., your Google account), or any other leak of authenticator data, the developers of Auth Dammit bear no responsibility or liability for any resulting loss, financial or otherwise.

7. Grievance Redressal

If you have any questions, concerns, or grievances regarding this Privacy Policy or our data practices, or if you would like to exercise your right to erasure, please submit a Data Deletion Request.

← Back to Home