Autiz Privacy Policy
Last updated: March 20, 2026
Overview
Autiz is a 2FA authenticator application. We are committed to protecting your privacy. This policy explains how Autiz handles your data.
Data Collection
Autiz collects the following data, which is stored exclusively on your device:
- Authentication credentials: TOTP secret keys, encrypted locally
- Account metadata: Service names (issuer), account labels, icons, colors, tags
- User preferences: Theme, language settings
Data Storage
Local Storage (default):
- By default, all data is stored locally on your device using browser storage (IndexedDB, chrome.storage) or on-device databases
- TOTP secrets are encrypted using AES-256-GCM with keys derived via PBKDF2-SHA256
- No analytics or tracking is implemented
Cloud Sync (optional, when available):
- Autiz may offer an optional cloud sync feature to synchronize encrypted account data across your devices
- Cloud sync is strictly opt-in — it is never enabled without your explicit consent
- All data transmitted to cloud servers is end-to-end encrypted before leaving your device — the server cannot read your secrets
- Cloud-synced data is encrypted with keys derived from your credentials, which are never sent to the server
Data Sharing
- Autiz does not sell, transfer, or share any user data with third parties
- Autiz does not use user data for purposes unrelated to its core functionality
- Autiz does not use user data for creditworthiness or lending purposes
- If cloud sync is enabled, encrypted data is transmitted solely to Autiz-operated servers for the purpose of multi-device synchronization
Permissions
| Permission | Purpose |
|---|---|
| storage | Store encrypted account data and user preferences locally |
| activeTab | Capture current tab screenshot for QR code scanning |
| tabs | Detect current website URL for OTP autofill matching |
| identity | Google OAuth authentication for secure vault access |
Host Permissions
Autiz injects a content script on web pages solely to detect OTP input fields and provide autofill functionality when explicitly requested by the user.
Data Deletion
Users can delete all stored data at any time by:
- Removing individual accounts within the app
- Using the "Reset all data" option in Settings
- Uninstalling the extension (all local data is automatically removed)
Changes to This Policy
We may update this privacy policy from time to time. Changes will be reflected in the "Last updated" date above.
Contact
If you have questions about this privacy policy, please contact us at support@autiz.app.