Privacy Policy for OTP Safe

Privacy Policy for the iOS App OTP Safe according to GDPR

Effective Date: February 2025

1. Controller

Mathias Todisco

Wilmersdorfer Str. 122-123

10627 Berlin

Germany

Email address: hello [at] todisco [dot] de

Phone: +49 179 8174113

2. Introduction

OTP Safe is an iOS app for securely managing two-factor authentication codes (TOTP and HOTP). The protection of your personal data is important to us. This privacy policy informs you about the processing of your data when using our app.

3. Data Processing

3.1 Local Data Storage

OTP Safe is a completely local app. We collect and process the following data:

  • OTP Accounts: Service name, username, secret key, algorithm, time interval
  • Categories: Self-created categorizations of your accounts
  • App Settings: Sorting, view preferences

Important:

  • All data is stored exclusively locally on your device
  • No cloud synchronization - Your secrets never leave your device
  • No external servers - No data is transmitted to us or third parties
  • No trackers or analytics tools - We do not collect any usage data
  • No advertising - The app is ad-free

3.2 Security Features

  • iOS Keychain: Sensitive data is stored encrypted in the iOS Keychain
  • Biometric Authentication: Face ID / Touch ID / Optic ID to unlock the app
  • Encrypted Export: AES-256 encryption for backup files

3.3 Camera Access (optional)

If you allow camera access, OTP Safe can scan QR codes to add new accounts. The scanned data is only processed locally and not transmitted.

3.4 File Access (optional)

When importing or exporting backups, the app accesses local files. This data is only processed locally.

3.5 Feedback Function (optional)

If you use the optional feedback function, the following data is transmitted to our server (api.todisco.de):

  • Required information: Category, subject, message, timestamp, language setting
  • Optional information: Email address (only if you provide it)
  • Device information (optional): Device model, iOS version, app version (only if you consent to transmission)

Important:

  • The feedback function is completely optional
  • Your OTP secrets and account data are never transmitted
  • The data is used exclusively to process your feedback
  • Processing takes place on servers in Germany

4. Legal Basis for Processing

The processing of your data is based on the following legal grounds:

  • Art. 6 para. 1 lit. b GDPR (Contract fulfillment): Provision of app functions
  • Art. 6 para. 1 lit. a GDPR (Consent): Use of the optional feedback function

5. Data Sharing

Your OTP data is not shared with third parties. The only optional network communication is the feedback function, where your message is sent to our server (api.todisco.de). Your OTP secrets and account data are never transmitted.

6. Data Storage and Deletion

6.1 Storage Duration

Your data is stored locally on your device as long as you use the app. You have full control over your data at all times.

6.2 Deletion

You can delete your data at any time:

  • Individual Accounts: Delete in the app
  • Categories: Delete in the app
  • All Data: Uninstall the app from your device

7. Your Rights

You have the following rights:

  • Right of Access (Art. 15 GDPR): All data is directly viewable in the app
  • Right to Rectification (Art. 16 GDPR): Edit accounts directly in the app
  • Right to Erasure (Art. 17 GDPR): Delete data directly in the app
  • Right to Data Portability (Art. 20 GDPR): Export your data encrypted
  • Right to Lodge a Complaint: With the competent data protection supervisory authority

8. Data Security

We take appropriate technical and organizational measures to protect your data:

  • Local storage under iOS security mechanisms
  • Encrypted storage in iOS Keychain
  • Biometric protection (Face ID / Touch ID / Optic ID)
  • AES-256 encrypted backups
  • Minimal network communication (only optional feedback function)

iOS Security: Your data benefits from iOS sandboxing and device encryption.

9. No Profiling

There is no automated decision-making or profiling according to Art. 22 GDPR.

10. Changes to this Privacy Policy

We reserve the right to update this privacy policy to reflect changes in law or app features. The current version can always be found at:

https://todisco.de/en/otp-privacy

11. Contact

For privacy questions, contact us at:

Email: hello [at] todisco [dot] de

Address: Mathias Todisco, Wilmersdorfer Str. 122-123, 10627 Berlin, Germany


Note for users outside the EU:

This privacy policy is primarily based on the EU General Data Protection Regulation (GDPR). Users from other regions may have corresponding rights under local privacy laws.