Your privacy is our
top priority

Real Authenticator ("we," "us," or "our") operates the Real Authenticator iOS application (the "App") and the website at realauthenticator.app (the "Site"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App and Site.

We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our policy or our practices regarding your personal information, please contact us at privacy@realauthenticator.app.

2.1 Information You Provide

When you use Real Authenticator with Sign in with Apple, Apple may share a unique identifier and, optionally, your name and email address with us. You may choose to use Apple's email relay service, in which case we never receive your actual email address.

Connection data (your trusted contacts and associated TOTP secrets) is stored on your device only and is not transmitted to our servers except as necessary to establish initial connections.

2.2 Information Collected Automatically

We may collect limited technical information including:

• Device type and operating system version
• App version and crash reports (via Apple's built-in crash reporting)
• Anonymous usage analytics (if you opt in)

We do not use advertising identifiers (IDFA), track your location, read your contacts list, or monitor your behavior within the App beyond what is necessary for core functionality.

2.3 Payment Information

All subscription payments are processed through the Apple App Store. We do not collect, store, or have access to your payment card information. Subscription management is handled entirely by Apple.

We use the information we collect to:

• Provide, operate, and maintain the App and its features
• Authenticate your identity via Sign in with Apple
• Facilitate the creation and management of trusted connections
• Send important service notifications (e.g., security alerts)
• Analyze and improve App performance and stability
• Comply with legal obligations

We do not use your data for advertising, sell it to third parties, or use it for any purpose not described in this policy.

Real Authenticator is designed with a privacy-by-default architecture:

• On-device storage: TOTP secrets, connection data, and verification codes are stored locally on your device using iOS Keychain and secure local storage.
• Biometric protection: Access to the App and your codes is protected by Face ID or Touch ID.
• Encrypted in transit: Any data transmitted to our servers (such as during connection setup) is encrypted using TLS 1.3.
• Supabase backend: Our server infrastructure uses Supabase with row-level security policies and encrypted storage.

Despite our best efforts, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

We retain your account data for as long as your account is active or as needed to provide services. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law.

You may request deletion of your data at any time by contacting privacy@realauthenticator.app.

We use a limited number of third-party services to operate the App:

• Apple Sign In: Authentication — governed by Apple's Privacy Policy
• Supabase: Backend infrastructure — data processed in accordance with Supabase's Privacy Policy
• RevenueCat: Subscription management — governed by RevenueCat's Privacy Policy

We do not embed advertising SDKs, social media trackers, or analytics platforms that profile individual users.

Real Authenticator is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us and we will take steps to delete such information.

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you
• Correct inaccurate personal information
• Request deletion of your personal information
• Object to or restrict processing of your personal information
• Data portability
• Withdraw consent at any time

To exercise any of these rights, contact us at privacy@realauthenticator.app.

We may update this Privacy Policy from time to time. We will notify you of any significant changes by updating the "Last updated" date at the top of this page and, where appropriate, by sending a notification through the App.

Your continued use of the App after any changes constitutes your acceptance of the new Privacy Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

• Privacy inquiries: privacy@realauthenticator.app
• Security issues: security@realauthenticator.app
• General support: support@realauthenticator.app