Permissions & Privacy

Overview

ZeroAuth is an offline-first authenticator app. We only request the permissions your device needs to generate and protect your two-factor authentication codes. This page explains each permission in plain language — what we use it for, and what we never do with it.

Your data stays on your device. We designed ZeroAuth so that you never have to trust us with your secrets.

Camera Access

  • Used to scan QR codes when you add a new account
  • Only activated when you tap "Scan QR code" — never runs in the background
  • The camera feed is never recorded, stored, or transmitted
  • No photos or images are saved by ZeroAuth

Biometric Authentication

  • Used to unlock the app using Face ID, Touch ID, or fingerprint
  • Your biometric data never leaves your device
  • Handled entirely by your device's operating system
  • ZeroAuth never receives or stores your raw biometric templates

PIN Protection

  • A numeric PIN can be set as a backup to biometric unlock
  • Only a hashed version of the PIN is stored — never the PIN itself
  • Protects app access when biometrics are unavailable
  • You can change or remove your PIN at any time from app settings

Clipboard Access

  • OTP codes can be copied to your clipboard when you tap "Copy"
  • We only write to your clipboard — we never read from it
  • Clipboard contents are never transmitted or stored by ZeroAuth

Local Storage

  • All account data, secrets, and settings are stored locally on your device
  • On iOS, we use the Keychain for secure storage where available
  • No data is synced to ZeroAuth servers or shared without your explicit action
  • Deleting the app removes all stored data from your device

Internet Access

  • ZeroAuth works fully offline — no network connection required for core features
  • Network access may be used for optional app update checks
  • No account data, secrets, or OTP codes are ever sent over the network
  • We do not run ads, analytics SDKs, or third-party trackers

Backup & Restore

  • You can export an encrypted backup file or backup QR code at any time
  • Backups are generated locally and shared only if you choose to
  • Backups contain the secrets needed to regenerate your OTP codes — keep them safe
  • We recommend storing backups in a secure, encrypted location
  • Once exported or shared, you are responsible for protecting that backup

Screen Security

  • ZeroAuth may block screenshots and screen recordings to protect your codes
  • Prevents OTP codes from appearing in recent-apps previews or screen shares
  • Some accessibility settings on your device may override this behavior

What We Do NOT Do

  • We do not collect your TOTP secrets, OTP codes, or account list
  • We do not run ads, tracking scripts, or analytics
  • We do not sell your data or share it with third parties
  • We do not require an account to use the core features of the app
  • We do not store or transmit your biometric data
  • We do not sync your data to our servers without your explicit action

Contact

Have questions about these permissions or how ZeroAuth handles your data? We're here to help.