Privacy Policy
Nanjing Xiayuyue Network Technology Co., Ltd.
Effective Date: May 2025
1. Introduction
This Privacy Policy explains how Nanjing Xiayuyue Network Technology Co., Ltd. (hereinafter referred to as "we", "us", or "our") processes your information when you use the Authenticator application (hereinafter referred to as "the App"). We comply with all applicable personal data protection laws and regulations.
Before using the App, please read this policy carefully. Continued use of the App indicates that you understand and agree to all terms outlined in this policy.
Core Security Design
We firmly believe that your data belongs strictly to you. The App adopts a local-first security sandbox architecture. All of your secret keys and account details are securely encrypted and kept on your local device via Apple's hardware-backed Keychain technology. Even during cloud synchronization or Apple Watch syncing, data is transmitted strictly through Apple's trusted, end-to-end encrypted iCloud pathways, entirely bypassing our own servers. In our technical architecture, we have structurally eliminated the possibility of accessing your data, going far beyond simple written promises.
2. Data Collection and Usage
Account & 2FA Data: We do not upload your 2FA secret keys, generated dynamic passcodes, or account identifiers to our servers. Therefore, we do not collect, store, or share this data with any third party.
iCloud Backup & Sync: When you enable iCloud synchronization, your encrypted database is stored in your personal iCloud container. Both transit and storage are secured by Apple's official end-to-end encryption. We have no access to your iCloud account, nor do we have access to any backup files.
3. Device Permissions
To enable the core functionalities of the App, we may request the following permissions as necessary:
- Camera Permission: Used solely for scanning QR codes to quickly add new 2FA accounts. Captured video frames are processed locally in real-time and are never saved or uploaded.
- Photo Library Permission: Used only when you manually choose to "Import QR Code from Photos". Image recognition is performed locally on your device, and your photos are never uploaded.
- Network Permission: Used strictly for iCloud synchronization. The App does not communicate with any external self-built servers.
4. Your Rights to Data Control
| Rights | How to Exercise |
|---|---|
| View Verification Data | Directly view all added accounts and accounts settings inside the App. |
| Modify Account Details | Edit account labels, issuer names, or notes at any time inside the App. |
| Delete Local Data | Remove accounts individually inside the App, or uninstall the App entirely. |
| Withdraw Permissions | Go to device "System Settings" to turn off Camera, Photos, or Cellular/Wi-Fi permissions. |
5. Data Security
Your local data is strongly encrypted via iOS hardware-backed Keychain technology. We recommend setting a secure device passcode and enabling the "App Lock" biometric security feature inside the App settings to prevent unauthorized physical access to your verification codes.
6. Third-Party SDK Data Collection
To ensure App stability, locate crashes, perform statistical analysis, and manage subscriptions, we integrate third-party partner SDKs:
| SDK Name | Service Type | Data Collected | Privacy Policy |
|---|---|---|---|
| Umeng SDK (UMCommon/UMAPM) | Analytics & Performance Monitoring | Device Information (OpenUDID, GUID, IP address, device model, OS version, network connection type) | Umeng Policy |
| Adapty SDK | Subscription Management | Device Information (IDFV, device model, OS version, IP address, language, timezone) and Transaction Data | Adapty Policy |
7. Children's Privacy
The App is intended for adults with full civil capacity. Minors should use this application under the guidance of their legal guardians.
8. Changes to this Policy
We may update this Privacy Policy from time to time in response to legal changes or product improvements. The updated version will be published inside the App or on our official website. Continued use indicates agreement to the updated terms.
9. Contact Us
If you have any questions or concerns regarding this policy, please contact us:
- Company: Nanjing Xiayuyue Network Technology Co., Ltd.
- Email: service@xiayuyue.com
- Website: http://authenticator.xiayuyue.com/zh/