Privacy Policy

1. Overview

This Privacy Policy applies to the Auth Exporter mobile application ("App") published by Elmeris LLC ("we," "us," or "our"), a limited liability company incorporated in Wyoming, USA (30 N Gould St #43444, Sheridan, WY 82801). It describes how the App handles — or more precisely, does not handle — your personal data.

Auth Exporter is a privacy-first utility. It was designed from the ground up so that your two-factor authentication (2FA) secrets and account data never leave your device. We have no servers that receive your data because the App never sends any.

2. Data We Do Not Collect

We do not collect, receive, store, or process any of the following:

• — Your 2FA secret keys or TOTP/HOTP credentials
• — Account names, issuers, or any account metadata
• — Device identifiers, IP addresses, or hardware information
• — Usage data, session data, or interaction logs
• — Crash reports or diagnostic data
• — Location data
• — Contact information, name, or email address
• — Any other personally identifiable information (PII)

This is not a limitation of our current implementation — it is an architectural guarantee. The App contains no analytics SDK, no crash reporter, no advertising framework, and no network client. It is technically incapable of transmitting data.

3. How Your Data Is Stored

All data created or imported through the App is stored exclusively on your device using platform-provided secure storage:

No data is written to external storage, shared storage, iCloud, Google Drive, or any other location outside the App's private sandbox.

4. Network Access

Auth Exporter does not request or use internet access. The App does not make any network connections under any circumstances. There are no outbound requests, no background syncs, and no push notification registrations.

On iOS, the App does not include the NSAllowsArbitraryLoads entitlement or any network-related capability declarations. On Android, the App does not declare the INTERNET permission in its manifest.

5. Camera and Photo Library Access

The App requests access to your camera and/or photo library solely to scan QR codes you present to it. Camera frames and images are processed entirely in memory, on-device, in real time. No image or frame is saved, transmitted, or retained after the QR scan is complete.

You may deny camera or photo library access at any time through your device settings. If denied, QR scanning features will be unavailable, but previously imported accounts remain fully accessible.

6. Third-Party Services and SDKs

Auth Exporter does not integrate any third-party service, SDK, or library that accesses, processes, or transmits your data. Specifically, the App does not include:

• — Analytics platforms (e.g. Firebase Analytics, Mixpanel, Amplitude)
• — Crash reporting tools (e.g. Crashlytics, Sentry, Bugsnag)
• — Advertising networks or SDKs
• — Social login or OAuth providers
• — Cloud storage or sync services
• — Any other SDK that communicates with external servers

7. Data Sharing

Because we collect no data, there is nothing to share, sell, license, or disclose to any third party. We do not share your information with:

• — Advertising partners or data brokers
• — Analytics or research companies
• — Law enforcement or government agencies (we have no data to provide)
• — Any other entity

8. Children's Privacy

Auth Exporter does not collect personal information from anyone, including children under the age of 13 (US — COPPA) or under the age of 16 (EU — GDPR). Because the App collects no data at all, it is compliant with COPPA and equivalent children's privacy laws by design.

9. GDPR and International Privacy Rights

For users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with comprehensive privacy laws: because Auth Exporter does not collect, process, or store any personal data on our systems, we do not act as a data controller or data processor with respect to your in-app data. Your data never reaches us.

If you are a California resident (CCPA) or are protected by another privacy regulation, the same applies: we have no personal information about you to disclose, delete, or provide access to.

10. Data Deletion

All App data is stored locally on your device. You can delete it at any time by:

• — Deleting individual accounts from within the App
• — Uninstalling the App (removes all app-sandbox data and Keychain entries)
• — Using your device's app settings to clear app data (Android)

Note on iOS Keychain: On iOS, Keychain items may persist after App uninstall as a platform behavior. To ensure complete removal of all stored secrets, delete your accounts within the App before uninstalling.

11. Security

The security model of Auth Exporter relies on the device's built-in secure storage rather than network-level or cloud-level security controls. Your 2FA secrets are protected by:

• — iOS Keychain encryption, backed by the Secure Enclave on supported devices
• — Android Keystore and EncryptedSharedPreferences with hardware-backed keys where available
• — The device's lock screen authentication (PIN, Face ID, fingerprint)
• — App sandboxing enforced by the operating system

We have no ability to access your data remotely because it never reaches our systems.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically. Continued use of the App after any change constitutes acceptance of the updated policy.

If we ever change the App's data practices in a material way (e.g. by adding network access or analytics), that change will be clearly disclosed in the App Store / Google Play update notes and this policy will be updated before the change takes effect.

13. Contact

If you have questions about this Privacy Policy or the privacy practices of Auth Exporter, please contact us: