MFAuth App Privacy Policy

Last Updated: October 29, 2022

Summary

Welcome to MFAuth! Below is a quick summary of our privacy practices when you use the MFAuth web or mobile applications. The full version can be found below and is the one that is legally controlling.

When you use our app we collect:

We keep a record of your log-ins to your MFAuth account.
We do not sell your personal information.
We collect and securely store data including name, email, icon information, account data and media information to provide our services.
The data is encrypted before saving using the information derived from your password.
We use the information we gather from you to monitor for unusual or suspicious activity in your account, to communicate with you about your account, and as additional information to validate who you are.
Your information is stored on the servers in the U.S.
If you have questions about our data practices or information we store about you, you can email us at support@mfauth.in

Full Version

Introduction

MFAuth, a service offered by AtoZAppz, is a web and mobile app for ensuring two-step verification. MFAuth app generates one time passwords and push notifications on your web or mobile device that can be used as a part of a 2-step verification process with your online accounts enabling another layer of security. MFAuth can be used as an alternative to programs such as Google Authenticator or as a provider of 2-factor authentication for applications or programs that work with TOTP or HOTP algorithms for 2FA verification.

Below is a summary of our practices when it comes to collecting your personal information when you download and use the MFAuth web or mobile app.

When we refer to AtoZAppz, we mean the AtoZAppz entity which has developed the MFAuth App.

Before you submit any information on or through MFAuth, please carefully review this policy.

Data about our users

Data we process during account creation and account usage

Email Address. Once you open the MFAuth app, we ask you to provide us with an email to create your MFAuth account. We send a verification code to that email to be sure that the person creating the MFAuth account also has control over the email entered. After the email is verified, the email is used as the identifier for your MFAuth account that allows you to add and associate additional devices to your same MFAuth account.

Data we collect automatically

Device Information. When you download and open the MFAuth web or mobile app, we automatically collect information about the type of device you have downloaded the app on and your device identifier. We collect this to ensure we deliver the right version of the app for your device and so that we can provide appropriate follow up support as necessary.

IP Information. When you download and open the MFAuth web or mobile app, we automatically log the IP information from where the account is being accessed from.

Login History and MFAuth Account History. When you log into our app, we log and maintain history of your login attempts. We use logs for any changes to your IP address to monitor for suspicious or unusual activity.

Account Information. Any account data you add, along with any associated data, like Account Name, Issuer Name, Secret Key, Icon and Label information, etc. on MFAuth app, with or without a premium purchased version, is encrypted and synced with our servers to enable future recovery.

How we use your personal information

We use your email as an identifier for your MFAuth account. This allows you to download the MFAuth app onto various devices and associate those devices with your same MFAuth account. We may also use your email to send you verification codes as a way to verify your login attempt. We also use logs for any changes to your IP address to monitor for suspicious or unusual activity.

We may use your email address to send you information about other MFAuth and AtoZAppz products, services, or events that you might be interested in. You can choose not to receive marketing emails from us. If you wish to stop receiving our marketing emails you may click on the unsubscribe link that will appear at the bottom of any of our marketing emails or you can contact customer support.

We use information associated with your login activity, device information, and changes to your account to monitor for unusual or suspicious activity on your account and as any other piece of information that could be used to help us verify your identity if your account is compromised or may be compromised.

In addition to using device information as described above, we also use your device information to ensure proper delivery of our service and to provide and deliver support and maintenance of the MFAuth app.

Your personal information is generally stored until you advise us to close your MFAuth account and delete your records, and activity logs may be stored for up to a year for security purposes, or, if there is an ongoing investigation, until that matter is concluded.

MFAuth does not sell your personal information, nor does it share it with third parties for their own marketing purposes, nor do we allow third parties to use it for their own marketing purposes, unless you ask us to do this.

We may share your information with third parties as follows:

Third-party service providers. We may share your personal information with third-party service providers who need access to the personal information to perform their work on our behalf, like sharing personal information with our storage provider for the purposes of storing your personal information on our behalf. These third-party service providers are limited to only accessing or using this personal information to provide services to us and must provide reasonable assurances that they will appropriately safeguard the personal information.
Compliance with Laws. We may disclose your personal information to a third party if (i) we reasonably believe that disclosure is compelled by applicable law, regulation, legal process or a government request (including to meet national security or law enforcement requirements), (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of our services and products, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose personal information to assist in preventing a death or serious bodily injury. If we are required by law to disclose your personal information, we will notify you of that disclosure requirement, unless prohibited by law. Further, we object to requests that we do not believe were issued properly.
Other AtoZAppz entities. We may share your personal information within the AtoZAppz entities, such as with a subsidiary or brand name of AtoZAppz. We and our subsidiaries will only use the information as described in this policy.
Business transfers. If we go through a corporate sale, merger, reorganization, dissolution or similar event, personal information we gather from you may be part of the assets transferred or shared in connection with the due diligence for any such transaction. Any acquirer or successor may continue to use the personal information as described in this policy.
Aggregated or de-identified information. We might also share information with third parties if that information has been de-identified or aggregated in a way that does not identify you.

If you use the MFAuth app as an alternative to Google Authenticator, typically by adding your accounts (website or application) to the MFAuth App through scanning a QR code, MFAuth does not share your information with these websites or applications.

You may have certain rights to make choices regarding your personal information, including accessing it, deleting it, correcting it, restricting its use, porting it, or withdrawing consent. To make a request for deletion of your MFAuth account, to make a request to access additional information associated with your account, or to express any other choice regarding your personal information, contact support@mfauth.in. Please be aware that when you ask us for these things, we will take steps to verify that you are authorized to make the request.

Please keep in mind that when you ask us for your personal information, or you ask us to delete your personal information, we may need to withhold or retain some of that personal information for security, legal, or anti-fraud reasons. Also, we do need some of the personal information we have to maintain customer accounts. If you ask us to delete that information, we may not be able to continue providing you our services.

Promotional communications. In addition, you can choose not to receive promotional emails from us by following the unsubscribe/opt-out instructions in those emails. You can also opt-out by contacting customer support. Please note that even if you opt out of promotional communications, we may still send you non-promotional messages relating to things like updates to our terms of service or privacy policy, security alerts, and other policys relating to your access to or use of our products and services.

International data transfers

Your personal information may be transferred to the United States, India, and possibly other countries where we or our service providers operate. AtoZAppz employs appropriate safeguards for cross-border transfers of personal information, as required by applicable local law.

How we secure your personal information

We use appropriate measures to protect the security of your personal information both online and offline. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note though that no service is completely secure. So, while we strive to protect your personal information, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.

We use strong encryption techniques to protect your data from unauthorized access. It includes encryptiong your account data and secret keys using your password before uploading.

There are also things you can do to add extra protection to your MFAuth account. First, you should use password protection or activate biometrics (like Touch ID) for all devices on which you have downloaded the MFAuth app. This will prevent unauthorized users from accessing your MFAuth app.

Handling disputes relating to our privacy practices

If you have a dispute with us relating to our privacy practices, please contact our customer support by email at support@mfauth.in.

Other information you may find useful

How we tell you about changes to our privacy practices

We may change our Privacy Policy from time to time. If we make changes, we’ll revise the “Last Updated” date at the top of this policy, and we may provide additional notice such as on the MFAuth website homepage, in the app, or via the email address we have on file for you. We will comply with applicable laws with respect to any changes we make to this policy.

Information from children

We do not knowingly permit children (under the age of 13 in the US or 16, if you live in the EEA) to sign up for an MFAuth account. If we discover that someone who is underage has signed up for an MFAuth account, we will take reasonable steps to promptly remove that person’s personal information from our records. If you believe that a person who is underage has signed up for an MFAuth account, please contact us at support@mfauth.in.

Contact Information

You can contact us by emailing us at support@mfauth.in