Privacy Policy for Authly

Last updated: May 1, 2026

Authly is designed to work offline first. If you choose to sign in and use Firebase backup or restore, your 2FA secrets are encrypted on your device before being synced.

1. Introduction

Authly ("we," "our," or "us") respects your privacy. This Privacy Policy explains how Authly handles data when you use the app.

2. Information We Collect

TOTP account labels such as issuer and account name
Encrypted 2FA secrets when you enable backup or sync
App settings such as theme and lock preferences
Basic account information from Firebase Authentication if you choose to sign in

3. How We Use Information

To generate and display your TOTP codes locally
To securely back up or restore tokens across devices
To provide biometric unlock and account management features
To maintain your sync state and app preferences

4. Storage and Security

Authly stores data locally using secure device storage. For cloud sync, secrets are encrypted on-device before they are stored in Firestore. Firestore is never intended to store plain-text 2FA secrets.

5. Third-Party Services

Authly may use the following services if you enable their related features:

Firebase Authentication: For login and account management
Cloud Firestore: For encrypted token backup and restore

6. Your Choices

Use Authly completely offline without creating an account
Enable or disable cloud backup as needed
Delete your account and synced data at any time

7. Children's Privacy

Authly is not intended for children under 13, and we do not knowingly collect personal information from children under 13.

8. Changes to This Policy

We may update this Privacy Policy from time to time. If we do, we will update the "Last updated" date above.

9. Contact

If you have questions about this Privacy Policy, contact us at:

Email: nippydeveloper@gmail.com