1. Information We Collect
2FA Auth does not collect, transmit, or store any of your personal data on our servers.
- All two-factor authentication (TOTP) secrets are stored locally inside your browser using chrome.storage.local.
- If you choose to enable password protection, your secrets are encrypted on your device using the Web Crypto API (PBKDF2 + AES-GCM) with a key derived only from the password you provide. The password and derived keys never leave your device.
- We do not have access to your 2FA secrets, passwords, or encryption keys at any time.
- No analytics, tracking, telemetry, or network requests are made to any server controlled by us.
2. How We Use Information
The extension only uses locally stored data to generate 6/8-digit TOTP codes for you in the popup UI. Nothing is sent anywhere.
3. Data Sharing & Third Parties
We do not share, sell, or transfer any user data to anyone. There are no third-party analytics or advertising SDKs.
4. Encryption & Security (Client-side only)
When password protection is enabled:
- Secrets are encrypted client-side before being written to storage.
- We use industry-standard Web Crypto (AES-GCM 256-bit + PBKDF2 key derivation with high iteration count).
- Even if someone gains access to your browser's storage files, the data remains encrypted without your password.
Important: If you forget the password you set, your encrypted 2FA secrets become permanently unrecoverable. Always keep a secure backup of your secrets using the Export feature (you can export while unlocked).
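The scheme described in this section, sketched as an added example for Node.js; it is not the extension's own code. The iteration count, salt and IV sizes, record layout and all function names are assumptions, since the policy only names PBKDF2 and AES-GCM 256-bit. It also shows why a forgotten password is unrecoverable: a wrong password or a modified record fails AES-GCM authentication.

```javascript
// Added example, not the extension's code. Assumed: 600000 PBKDF2-SHA-256
// iterations, 16-byte salt, 12-byte IV, and the JSON record layout below.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const ITERATIONS = 600000; // assumed value for "high iteration count"
const enc = new TextEncoder();
const b64 = (buf) => Buffer.from(buf).toString('base64');
const unb64 = (s) => new Uint8Array(Buffer.from(s, 'base64'));

async function deriveKey(password, salt, iterations) {
  const material = await wc.subtle.importKey(
    'raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Returns a JSON-serialisable record of the kind one could keep in chrome.storage.local.
async function encryptSecret(password, totpSecret) {
  const salt = wc.getRandomValues(new Uint8Array(16)); // random per record
  const iv = wc.getRandomValues(new Uint8Array(12));   // fresh for every encryption
  const key = await deriveKey(password, salt, ITERATIONS);
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(totpSecret));
  return { v: 1, iter: ITERATIONS, salt: b64(salt), iv: b64(iv), ct: b64(ct) };
}

// Resolves to the secret, or null when the password is wrong or the record was altered.
async function decryptSecret(password, rec) {
  try {
    const key = await deriveKey(password, unb64(rec.salt), rec.iter);
    const pt = await wc.subtle.decrypt(
      { name: 'AES-GCM', iv: unb64(rec.iv) }, key, unb64(rec.ct));
    return new TextDecoder().decode(pt);
  } catch {
    return null; // GCM tag check failed: nothing can be recovered without the password
  }
}

async function demo() {
  const password = 'correct horse battery staple'; // constructed sample password
  const rec = await encryptSecret(password, 'JBSWY3DPEHPK3PXP'); // constructed Base32 secret
  return {
    roundTrip: await decryptSecret(password, rec),
    wrongPassword: await decryptSecret('not the password', rec),
    tampered: await decryptSecret(password, { ...rec, iv: b64(new Uint8Array(12)) }),
  };
}
demo().then(console.log);
```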
5. Your Rights & Control
- You can disable password protection at any time (this will decrypt and store your secrets in plain text locally).
- You can export your accounts (encrypted or plain) at any time.
- You can delete all data from within the extension (Settings → Clear all accounts).
- Uninstalling the extension removes all locally stored data.
6. Children's Privacy
The extension is not directed at children under 13. We do not knowingly collect data from children.
7. Changes to This Policy
We may update this policy occasionally. Material changes will be noted in the extension or on the project page. Continued use after changes constitutes acceptance.
8. Contact
For questions about this policy or the extension, please open an issue on the GitHub repository or contact the developer listed in the Chrome Web Store.
Source code: The extension is open source. You can audit exactly how your data is handled.