Privacy Policy
Last updated: March 2026
Overview
VaultSpec Authenticator (“the App”) is a privacy-focused, open-source two-factor authentication application. The App is designed to operate without requiring user accounts or external data transmission.
The App does not collect or share personal data.
Data Storage
All data — including TOTP secrets, account metadata, and application preferences — is stored locally on your device.
Sensitive data is encrypted using AES-256-GCM with keys derived via scrypt. Preferences are stored using Android's EncryptedSharedPreferences backed by the Android Keystore.
The App does not transmit user data to external servers.
Users have full control over their data, including the ability to delete all stored data by uninstalling the App or removing accounts within the App.
Camera Permission
The App requests camera access solely for scanning QR codes to add authenticator accounts.
Camera input is processed locally on-device. No images or camera data are stored or transmitted. The camera is only used when the user actively opens the scanner.
Biometric Authentication
The App supports biometric authentication (fingerprint or face) using Android's BiometricPrompt API.
Biometric data is processed by the Android operating system and is not accessed, stored, or shared by the App.
Backups
The App allows users to create encrypted backups stored in a location chosen by the user.
Backup files are encrypted using AES-256-GCM with a password provided by the user. The App does not automatically upload backups or transmit them externally.
Users are responsible for securely storing and managing their backup files.
Analytics & Tracking
The App does not include analytics, advertising SDKs, or tracking technologies.
Third-Party Services
The App does not use third-party services that collect user data.
Open Source
VaultSpec Authenticator is open source under the GPL-3.0 license.
Source code: github.com/VaultSpec/authenticator-android
Changes to This Privacy Policy
This Privacy Policy may be updated from time to time. Any changes will be reflected on this page with an updated “Last updated” date.
Contact
For questions or concerns regarding this Privacy Policy, contact: dhruvesh3466@protonmail.com