Privacy Policy for ZeroAuth

Effective Date: 01/May/2026

ZeroAuth is owned and operated by Optional Labs India (“Optional Labs”, “we”, “our”, “us”). This Privacy Policy explains how ZeroAuth handles information when you use the app.

1. What ZeroAuth does

ZeroAuth is an offline authenticator app that stores and generates one-time passcodes on your device.

2. Information we process

When you use ZeroAuth, the app may process account labels, issuer names, TOTP secrets, QR-code contents, app lock settings, PIN hashes, backup files you choose to create or import, and limited device-level settings needed for security features.

3. Information we do not collect from you by default

Optional Labs does not intentionally collect your TOTP secrets, OTP codes, account list, QR contents, biometric data, or backups on our servers as part of the normal use of the app. ZeroAuth is designed to operate locally on your device unless you intentionally export or share data yourself.

4. Permissions and device features

The app may request camera access to scan QR codes. The app may use device biometric APIs for unlock and AutoFill protection. Optional Labs does not receive or store your raw fingerprint, Face ID, or similar biometric templates; those are handled by your device operating system.

5. Local storage and security

Account data and security settings are stored locally on your device using operating-system security features where available. On supported Apple devices, information needed for the ZeroAuth AutoFill extension may be made available within the same device environment so the extension can generate one-time codes. This processing is intended to remain on-device.

6. Backup, export, import, and sharing

If you export a backup file or backup QR code, the exported content may contain sensitive account data, including secrets needed to generate your authentication codes. Once you choose to export, display, share, store, or transmit that backup, you are responsible for protecting it. Optional Labs is not responsible for third-party access caused by your storage, sharing, screenshots, or transfer of exported backups.

7. Support communications

If you contact Optional Labs for support, we may process the information you provide to us, such as your name, email address, device details, and the contents of your message, solely to respond, troubleshoot, protect our services, or comply with law.

8. Legal basis and user rights

To the extent Indian privacy law applies to any personal data processed by Optional Labs off-device, we will process such data only for lawful purposes, provide applicable notices, and honor rights available under applicable law, subject to legal limitations. Depending on the data and law in force, these rights may include access, correction, erasure, grievance redressal, and withdrawal of consent where consent is the basis of processing.

9. Children

ZeroAuth is not directed to children. If Optional Labs becomes aware that personal data has been collected from a child in a manner that violates applicable law, we will take appropriate steps to delete or stop processing that data.

10. Retention

Optional Labs retains support or compliance-related data only for as long as reasonably necessary for the purpose for which it was collected, to resolve disputes, enforce our agreements, or comply with legal obligations. Data stored only on your device remains under your control unless you delete the app, clear the data, or export/share it.

11. Security incidents and disclosures

We may disclose information where required by law, court order, lawful government request, or where reasonably necessary to protect rights, users, systems, or investigate fraud, abuse, or security incidents.

12. Changes to this Policy

We may update this Privacy Policy from time to time. The updated version will carry a revised effective date.

13. Contact and grievance

Owner: Optional Labs India
Email: contact@optionallabs.com
Location: Bangalore, India