Privacy Policy for Authenticator

Privacy Policy for Authenticator

Privacy Policy for Authenticator

Last updated: June 2026  |  Pixster Studio  |  Applies to: Android  |  feedback@pixsterstudio.com

Last updated: June 2026  |  Pixster Studio  |  Applies to: Android  |  feedback@pixsterstudio.com

1. About this Policy and the App

1. About this Policy and the App

This Privacy Policy explains how Pixster Studio LLP ("Pixster Studio", "we", "us" or "our") collects, uses, stores, shares and protects information in connection with the Authenticator application for Android (the "App") and the related websites and services we operate. For simplicity, we refer to all of these as our "services" in this Privacy Policy.

The App is a security tool that provides: (1) two-factor authentication (2FA / TOTP) code generation for multiple online services; (2) a password manager for storing your login credentials; and (3) optional cloud synchronization of your password manager and authenticator data through your Google Account. Because the App handles sensitive information, we have designed it to be privacy-first: wherever possible, your data stays on your device, and sensitive data is encrypted.

By installing or using the App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the App.

This Privacy Policy explains how Pixster Studio LLP ("Pixster Studio", "we", "us" or "our") collects, uses, stores, shares and protects information in connection with the Authenticator application for Android (the "App") and the related websites and services we operate. For simplicity, we refer to all of these as our "services" in this Privacy Policy.

The App is a security tool that provides: (1) two-factor authentication (2FA / TOTP) code generation for multiple online services; (2) a password manager for storing your login credentials; and (3) optional cloud synchronization of your password manager and authenticator data through your Google Account. Because the App handles sensitive information, we have designed it to be privacy-first: wherever possible, your data stays on your device, and sensitive data is encrypted.

By installing or using the App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the App.

2. A note on sensitive data and our design

2. A note on sensitive data and our design

Your two-factor authentication secrets (the "seeds" used to generate codes) and your password manager entries (such as usernames, passwords and notes) are the most sensitive information in the App. We treat this data as confidential:

  • This data is stored on your device in an encrypted form and is protected by your device security and, where you enable it, by biometric or PIN/passcode lock within the App.

  • We do not sell this data, and we do not use the contents of your password vault or your 2FA secrets for advertising, profiling, or any purpose other than providing the features you ask for.

  • When this data is transmitted (for example, during cloud sync), it is protected in transit using industry-standard encryption (TLS/HTTPS).

Your two-factor authentication secrets (the "seeds" used to generate codes) and your password manager entries (such as usernames, passwords and notes) are the most sensitive information in the App. We treat this data as confidential:

  • This data is stored on your device in an encrypted form and is protected by your device security and, where you enable it, by biometric or PIN/passcode lock within the App.

  • We do not sell this data, and we do not use the contents of your password vault or your 2FA secrets for advertising, profiling, or any purpose other than providing the features you ask for.

  • When this data is transmitted (for example, during cloud sync), it is protected in transit using industry-standard encryption (TLS/HTTPS).

3. Information you provide and information we collect

3. Information you provide and information we collect

1. Authenticator (2FA) data

  • When you add an account to the App, we store the information needed to generate one-time codes for that service, such as the account/service label, the issuer name and the secret key. You typically add this by scanning a QR code or entering a setup key manually.

  • This data is stored locally on your device in encrypted form. It is only transmitted off your device if you enable cloud sync (see "Google Cloud Sync" below).


2. Password manager (vault) data

  • If you use the password manager, we store the entries you create, which may include website/app names, usernames or email addresses, passwords, and any notes you add.

  • Vault data is stored on your device in encrypted form. It is only transmitted off your device if you enable cloud sync.


3. Camera (QR code scanning)

  • With your permission, the App uses your device camera to scan QR codes when you set up a new 2FA account. The camera flash may be used to assist scanning in low light. QR codes are read in real time on your device. We do not take, store, or transmit photographs or video, and the camera is not used for any other purpose.


4. Biometric and device-lock authentication

  • You may choose to protect access to the App using your device's fingerprint, face unlock, or screen lock. This authentication is performed entirely by your device's operating system (Android BiometricPrompt / KeyStore). We never receive, access, or store your fingerprint, face, or other biometric data. The App is only told by the operating system whether authentication succeeded or failed.


5. Account information (only if you create an account or sign in)

  • If the App offers cloud sync through a sign-in, we may receive basic account identifiers from your Google Account (such as your email address and a Google account identifier) solely to authenticate you and enable sync. We do not receive your Google password.


6. Information collected automatically

When you use the App, we and our service providers may automatically collect:

  • Device and technical information such as device model and type, operating system and version, app version, language, time zone, and crash, diagnostic and performance logs.

  • Network information such as IP address and connection status.

  • Usage information such as which features you use and how you interact with the App, to help us improve it.

  • Identifiers, including the Android Advertising ID (see "Advertising ID" below) and install-attribution information (such as the Google Play install referrer) used to understand where installs come from.

1. Authenticator (2FA) data

  • When you add an account to the App, we store the information needed to generate one-time codes for that service, such as the account/service label, the issuer name and the secret key. You typically add this by scanning a QR code or entering a setup key manually.

  • This data is stored locally on your device in encrypted form. It is only transmitted off your device if you enable cloud sync (see "Google Cloud Sync" below).


2. Password manager (vault) data

  • If you use the password manager, we store the entries you create, which may include website/app names, usernames or email addresses, passwords, and any notes you add.

  • Vault data is stored on your device in encrypted form. It is only transmitted off your device if you enable cloud sync.


3. Camera (QR code scanning)

  • With your permission, the App uses your device camera to scan QR codes when you set up a new 2FA account. The camera flash may be used to assist scanning in low light. QR codes are read in real time on your device. We do not take, store, or transmit photographs or video, and the camera is not used for any other purpose.


4. Biometric and device-lock authentication

  • You may choose to protect access to the App using your device's fingerprint, face unlock, or screen lock. This authentication is performed entirely by your device's operating system (Android BiometricPrompt / KeyStore). We never receive, access, or store your fingerprint, face, or other biometric data. The App is only told by the operating system whether authentication succeeded or failed.


5. Account information (only if you create an account or sign in)

  • If the App offers cloud sync through a sign-in, we may receive basic account identifiers from your Google Account (such as your email address and a Google account identifier) solely to authenticate you and enable sync. We do not receive your Google password.


6. Information collected automatically

When you use the App, we and our service providers may automatically collect:

  • Device and technical information such as device model and type, operating system and version, app version, language, time zone, and crash, diagnostic and performance logs.

  • Network information such as IP address and connection status.

  • Usage information such as which features you use and how you interact with the App, to help us improve it.

  • Identifiers, including the Android Advertising ID (see "Advertising ID" below) and install-attribution information (such as the Google Play install referrer) used to understand where installs come from.

4. Google Cloud Sync

4. Google Cloud Sync

If you choose to enable cloud backup or synchronization, your authenticator accounts and/or password vault are backed up to and synchronized through your Google Account (for example, via Google Drive / Google's cloud infrastructure) so that you can restore your data or access it across your devices.

  • Cloud sync is optional and is off unless you turn it on. If you do not enable it, your 2FA and vault data remain only on your device.

  • Data is encrypted in transit during sync. We recommend you also set up a strong App lock and keep your Google Account secured (for example, with its own 2FA).

  • Your use of Google services is also governed by Google's Privacy Policy, available at https://policies.google.com/privacy.

  • You can disable sync at any time in the App settings, and you can remove synced data as described in "Data deletion" below.

If you choose to enable cloud backup or synchronization, your authenticator accounts and/or password vault are backed up to and synchronized through your Google Account (for example, via Google Drive / Google's cloud infrastructure) so that you can restore your data or access it across your devices.

  • Cloud sync is optional and is off unless you turn it on. If you do not enable it, your 2FA and vault data remain only on your device.

  • Data is encrypted in transit during sync. We recommend you also set up a strong App lock and keep your Google Account secured (for example, with its own 2FA).

  • Your use of Google services is also governed by Google's Privacy Policy, available at https://policies.google.com/privacy.

  • You can disable sync at any time in the App settings, and you can remove synced data as described in "Data deletion" below.

5. Compromised-password check (Have I Been Pwned)

5. Compromised-password check (Have I Been Pwned)

To help you keep your accounts safe, the App offers an optional check that tells you whether a password appears in known public data breaches. This feature is powered by the "Pwned Passwords" service operated by Have I Been Pwned (https://haveibeenpwned.com).

  • This feature is built using a privacy-preserving method known as k-Anonymity. Your password is never sent to Have I Been Pwned or to us.

  • Instead, your password is hashed on your device, and only the first five characters of that hash are sent to the Pwned Passwords service. The service returns a list of matching hash fragments, and the final comparison to determine whether your password has been exposed is completed locally on your device.

  • Neither your password, your full password hash, nor the related website or account is transmitted to Have I Been Pwned.

  • The result is informational only and depends on a third-party database; a "not found" result does not guarantee that a password is secure. Use of Have I Been Pwned is subject to its own privacy policy.

To help you keep your accounts safe, the App offers an optional check that tells you whether a password appears in known public data breaches. This feature is powered by the "Pwned Passwords" service operated by Have I Been Pwned (https://haveibeenpwned.com).

  • This feature is built using a privacy-preserving method known as k-Anonymity. Your password is never sent to Have I Been Pwned or to us.

  • Instead, your password is hashed on your device, and only the first five characters of that hash are sent to the Pwned Passwords service. The service returns a list of matching hash fragments, and the final comparison to determine whether your password has been exposed is completed locally on your device.

  • Neither your password, your full password hash, nor the related website or account is transmitted to Have I Been Pwned.

  • The result is informational only and depends on a third-party database; a "not found" result does not guarantee that a password is secure. Use of Have I Been Pwned is subject to its own privacy policy.

6. Advertising ID

6. Advertising ID

The App declares and may use the Android Advertising ID. The Advertising ID is a user-resettable identifier provided by Google Play services that may be used for advertising and analytics, such as measuring app installs and showing advertising (including in any free/ad-supported version of the App). We and our advertising and analytics partners do not link the Advertising ID to your password vault or 2FA secrets.

You can reset your Advertising ID or opt out of personalized advertising at any time: open your device SettingsGoogleAds, then reset your advertising ID or turn on "Opt out of Ads Personalisation."

The App declares and may use the Android Advertising ID. The Advertising ID is a user-resettable identifier provided by Google Play services that may be used for advertising and analytics, such as measuring app installs and showing advertising (including in any free/ad-supported version of the App). We and our advertising and analytics partners do not link the Advertising ID to your password vault or 2FA secrets.

You can reset your Advertising ID or opt out of personalized advertising at any time: open your device SettingsGoogleAds, then reset your advertising ID or turn on "Opt out of Ads Personalisation."

7. Permissions we request and why

7. Permissions we request and why

The App requests the following Android permissions. We only request what is needed to provide the features described above:

  • Camera: to scan QR codes when adding a 2FA account; the flash assists scanning in low light. No images are stored.

  • Biometric / fingerprint: to let you unlock the App and your vault with biometrics. Biometric data never leaves your device.

  • Notifications: to show notifications such as security reminders and alerts.

  • Alarms and notification settings: to schedule reminders and manage notification/alert behavior on your device.

  • Internet and network access: to enable cloud sync, the compromised-password check, analytics and (where applicable) advertising, and to detect connectivity.

  • Google Play license check: to verify that the App was obtained and licensed through Google Play.

  • Install referrer: to measure where installs come from (install attribution) via Google Play.

  • Advertising ID: to access the Android Advertising ID for advertising and analytics (see "Advertising ID" above).

The App requests the following Android permissions. We only request what is needed to provide the features described above:

  • Camera: to scan QR codes when adding a 2FA account; the flash assists scanning in low light. No images are stored.

  • Biometric / fingerprint: to let you unlock the App and your vault with biometrics. Biometric data never leaves your device.

  • Notifications: to show notifications such as security reminders and alerts.

  • Alarms and notification settings: to schedule reminders and manage notification/alert behavior on your device.

  • Internet and network access: to enable cloud sync, the compromised-password check, analytics and (where applicable) advertising, and to detect connectivity.

  • Google Play license check: to verify that the App was obtained and licensed through Google Play.

  • Install referrer: to measure where installs come from (install attribution) via Google Play.

  • Advertising ID: to access the Android Advertising ID for advertising and analytics (see "Advertising ID" above).

8. How we use information

8. How we use information

We use the information described above to:

  • Provide the App's core features: generate 2FA codes, store and manage your passwords, and (if enabled) sync your data.

  • Authenticate you and secure your account and data.

  • Provide customer support and respond to your requests.

  • Maintain, troubleshoot, and improve the App, including analyzing crashes, performance and aggregated usage. We use Google's Firebase tools for analytics and crash reporting; information sent to Google is subject to Google's Privacy Policy at https://policies.google.com/privacy.

  • Measure marketing and install attribution.

  • Where applicable, deliver and measure advertising (for example, in a free, ad-supported version).

  • Detect, prevent and address fraud, abuse, security incidents, and technical issues.

  • Comply with legal obligations and enforce our terms.

We use the information described above to:

  • Provide the App's core features: generate 2FA codes, store and manage your passwords, and (if enabled) sync your data.

  • Authenticate you and secure your account and data.

  • Provide customer support and respond to your requests.

  • Maintain, troubleshoot, and improve the App, including analyzing crashes, performance and aggregated usage. We use Google's Firebase tools for analytics and crash reporting; information sent to Google is subject to Google's Privacy Policy at https://policies.google.com/privacy.

  • Measure marketing and install attribution.

  • Where applicable, deliver and measure advertising (for example, in a free, ad-supported version).

  • Detect, prevent and address fraud, abuse, security incidents, and technical issues.

  • Comply with legal obligations and enforce our terms.

9. Legal bases for processing (EEA/UK users)

9. Legal bases for processing (EEA/UK users)

Performance of a contract: to provide the App's features that you request.

  • Legitimate interests: to secure, maintain and improve the App and prevent fraud and abuse.

  • Consent: for optional features such as the camera, cloud sync, the compromised-password check, and personalized advertising. You may withdraw consent at any time.

  • Legal obligation: where we must process information to comply with the law.

Performance of a contract: to provide the App's features that you request.

  • Legitimate interests: to secure, maintain and improve the App and prevent fraud and abuse.

  • Consent: for optional features such as the camera, cloud sync, the compromised-password check, and personalized advertising. You may withdraw consent at any time.

  • Legal obligation: where we must process information to comply with the law.

10. How we share information

10. How we share information

We do not sell your personal information for money, and we never share the contents of your password vault or your 2FA secrets with advertising or analytics partners. We share other information only as follows:

  • Service providers / sub-processors who process data on our behalf, such as Google (Firebase analytics, crash reporting, cloud services, Play install referrer) and our advertising partners.

  • Have I Been Pwned, limited to the partial, anonymized hash described above, only when you use the compromised-password check.

  • Legal and safety reasons: to comply with applicable law, respond to lawful requests from public authorities, enforce our terms, or protect the rights, property and safety of our users or others.

  • Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this Privacy Policy.

We do not share the contents of your password vault or your 2FA secrets with advertising or analytics partners.

We do not sell your personal information for money, and we never share the contents of your password vault or your 2FA secrets with advertising or analytics partners. We share other information only as follows:

  • Service providers / sub-processors who process data on our behalf, such as Google (Firebase analytics, crash reporting, cloud services, Play install referrer) and our advertising partners.

  • Have I Been Pwned, limited to the partial, anonymized hash described above, only when you use the compromised-password check.

  • Legal and safety reasons: to comply with applicable law, respond to lawful requests from public authorities, enforce our terms, or protect the rights, property and safety of our users or others.

  • Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this Privacy Policy.

We do not share the contents of your password vault or your 2FA secrets with advertising or analytics partners.

11. Cookies, SDKs and similar technologies

11. Cookies, SDKs and similar technologies

We and our partners may use SDKs and similar technologies in the App for analytics, attribution and (where applicable) advertising. You can limit interest-based advertising using the Advertising ID controls described above.

We and our partners may use SDKs and similar technologies in the App for analytics, attribution and (where applicable) advertising. You can limit interest-based advertising using the Advertising ID controls described above.

12. Data retention

12. Data retention

We retain your data for as long as you use the App and your account is active, and for as long as needed to provide the services, comply with our legal obligations, resolve disputes and enforce our agreements. Authenticator and vault data stored on your device remains until you delete it or uninstall the App. Synced data is retained until you disable sync and/or delete it as described below.

We retain your data for as long as you use the App and your account is active, and for as long as needed to provide the services, comply with our legal obligations, resolve disputes and enforce our agreements. Authenticator and vault data stored on your device remains until you delete it or uninstall the App. Synced data is retained until you disable sync and/or delete it as described below.

13. Data deletion and your choices

13. Data deletion and your choices

You can delete individual 2FA accounts or password entries at any time within the App.

  • You can disable cloud sync and delete synced data from within the App settings.

  • Uninstalling the App removes the data stored locally on your device. If you have enabled cloud sync, deleting the App may not remove backed-up data; use the in-App delete/disable-sync option first.

  • To request deletion of any account and associated data we hold, email us at feedback@pixsterstudio.com with the subject line "Data Deletion Request." We will verify and action your request in accordance with applicable law.

You can delete individual 2FA accounts or password entries at any time within the App.

  • You can disable cloud sync and delete synced data from within the App settings.

  • Uninstalling the App removes the data stored locally on your device. If you have enabled cloud sync, deleting the App may not remove backed-up data; use the in-App delete/disable-sync option first.

  • To request deletion of any account and associated data we hold, email us at feedback@pixsterstudio.com with the subject line "Data Deletion Request." We will verify and action your request in accordance with applicable law.

14. Security

14. Security

We implement appropriate technical and organizational measures to protect your information, including encryption of sensitive data on your device and encryption of data in transit (TLS/HTTPS). However, no method of transmission or storage is completely secure. You are responsible for securing your device and your Google Account, including using a strong device lock and enabling the App lock. Please notify us promptly if you believe your account or data has been compromised.

We implement appropriate technical and organizational measures to protect your information, including encryption of sensitive data on your device and encryption of data in transit (TLS/HTTPS). However, no method of transmission or storage is completely secure. You are responsible for securing your device and your Google Account, including using a strong device lock and enabling the App lock. Please notify us promptly if you believe your account or data has been compromised.

15. Children's privacy

15. Children's privacy

The App is not directed to children under 13 (or the minimum age required in your jurisdiction), and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take appropriate steps to delete it.

The App is not directed to children under 13 (or the minimum age required in your jurisdiction), and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take appropriate steps to delete it.

16. Your privacy rights

16. Your privacy rights

Depending on where you live, you may have some or all of the following rights regarding your personal information:

  • Access to the personal information we hold about you and a copy of it.

  • Correction of inaccurate or incomplete information.

  • Deletion of your information ("right to be forgotten"), subject to legal exceptions.

  • Objection or restriction regarding certain processing.

  • Portability of your information in a transferable format.

  • Withdrawal of consent at any time where we rely on consent.

California residents (under the CCPA/CPRA) have the right to know, delete, correct, and opt out of the "sale" or "sharing" of personal information, and not to be discriminated against for exercising these rights. We do not sell your personal information for money. However, where the App shows personalized advertising, the use of advertising identifiers (such as the Android Advertising ID) by our advertising partners may be considered a "sale" or "sharing" of personal information under certain laws. You can opt out at any time using the Advertising ID controls described in the "Advertising ID" section above. To exercise any right, email us at feedback@pixsterstudio.com; we may need to verify your identity before responding.

Depending on where you live, you may have some or all of the following rights regarding your personal information:

  • Access to the personal information we hold about you and a copy of it.

  • Correction of inaccurate or incomplete information.

  • Deletion of your information ("right to be forgotten"), subject to legal exceptions.

  • Objection or restriction regarding certain processing.

  • Portability of your information in a transferable format.

  • Withdrawal of consent at any time where we rely on consent.

California residents (under the CCPA/CPRA) have the right to know, delete, correct, and opt out of the "sale" or "sharing" of personal information, and not to be discriminated against for exercising these rights. We do not sell your personal information for money. However, where the App shows personalized advertising, the use of advertising identifiers (such as the Android Advertising ID) by our advertising partners may be considered a "sale" or "sharing" of personal information under certain laws. You can opt out at any time using the Advertising ID controls described in the "Advertising ID" section above. To exercise any right, email us at feedback@pixsterstudio.com; we may need to verify your identity before responding.

17. International data transfers

17. International data transfers

Your information may be processed in countries other than your own, including by our service providers such as Google. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for these transfers.

Your information may be processed in countries other than your own, including by our service providers such as Google. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for these transfers.

18. Changes to this Policy

18. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. When we make material changes, we will revise the "Last Updated" date above and, where appropriate, provide notice within the App. Your continued use of the App after changes take effect signifies your acceptance of the updated Policy.

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. When we make material changes, we will revise the "Last Updated" date above and, where appropriate, provide notice within the App. Your continued use of the App after changes take effect signifies your acceptance of the updated Policy.

19. Contact us

19. Contact us

If you have any questions or requests regarding this Privacy Policy or your data, please contact us at:

Pixster Studio LLP

Email: feedback@pixsterstudio.com

If you have any questions or requests regarding this Privacy Policy or your data, please contact us at:

Pixster Studio LLP

Email: feedback@pixsterstudio.com

Pixster Studio

13th Floor, 1309, 1314, Solitaire Connect Near Gallop Motors, Makarba Ahmedabad, Gujarat 380015 India

Contact Us

We'll get back to you soon

For career-related inquiries, please visit our Careers Page to explore opportunities and submit your application.

© 2026 Pixster Studio LLP. All rights reserved

Privacy Policy

Terms of Use

Refund Policy

This website and its contents, including but not limited to text, graphics, images, logos, and software, are the property of Pixster Studio LLP and are protected by international copyright laws. Unauthorized use, reproduction, or distribution of any materials on this site without the express written consent of Pixster Studio LLP is strictly prohibited. For permissions or inquiries, please contact us via our official communication channels.