Privacy Policy

Last updated: January 15, 2025 | Effective Date: January 15, 2025

Welcome to get-2fa.live ("we", "our", "us", or "the Service"). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our two-factor authentication (2FA) code generation service. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

1. Information We Collect

1.1 Information You Provide Directly

• Secret Keys: When you input a secret key to generate 2FA codes, this information is processed entirely within your browser. We do not receive, store, or have access to your secret keys.
• Contact Information: If you contact us for support, we may collect your email address and any information you choose to provide in your communications.

1.2 Information Collected Automatically

• Technical Data: Browser type, version, operating system, device type, screen resolution
• Usage Data: Pages visited, time spent on pages, click patterns (anonymized)
• Network Data: IP address (anonymized after 24 hours), general geographic location (country/region level)
• Performance Data: Page load times, error reports (without personal information)

1.3 Cookies and Local Storage

We use minimal cookies and local storage for:

• Remembering your preferences (dark mode, language settings)
• Analytics (anonymized usage statistics)
• Security (preventing abuse and ensuring service availability)

2. How We Use Your Information

We use collected information for the following legitimate purposes:

1. Service Provision: To provide and maintain our 2FA code generation service
2. Service Improvement: To analyze usage patterns and improve user experience
3. Security: To detect, prevent, and address technical issues and security threats
4. Communication: To respond to your inquiries and provide customer support
5. Legal Compliance: To comply with applicable laws and regulations
6. Analytics: To understand how our service is used and optimize performance

3. Data Security and Protection

3.2 Security Measures

• HTTPS Encryption: All communications are encrypted using TLS 1.3
• Content Security Policy: Implemented to prevent XSS attacks
• Secure Headers: HSTS, X-Frame-Options, and other security headers
• Regular Security Audits: Periodic security assessments and updates
• Minimal Data Collection: We collect only what is necessary for service operation

3.3 Data Retention

• Secret Keys: Never stored (processed client-side only)
• Analytics Data: Anonymized and retained for 26 months maximum
• Log Files: Automatically deleted after 90 days
• Support Communications: Retained for 2 years or until resolved

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information only in the following limited circumstances:

4.1 Service Providers

• Analytics: Google Analytics (anonymized data only)
• Hosting: Secure hosting providers with appropriate data protection agreements
• Security: Security service providers for DDoS protection and threat detection

4.2 Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect our rights, property, or safety.

5. Your Privacy Rights

Depending on your location, you may have the following rights:

5.1 General Rights

• Access: Request information about data we have collected
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your data in a portable format
• Objection: Object to processing of your personal information

5.2 GDPR Rights (EU Residents)

• Right to withdraw consent at any time
• Right to lodge a complaint with supervisory authorities
• Right to restriction of processing

5.3 CCPA Rights (California Residents)

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale (we do not sell personal information)
• Right to non-discrimination for exercising privacy rights

6. International Data Transfers

Our service may be accessed from anywhere in the world. If you access our service from outside the country where our servers are located, your information may be transferred across international borders. We ensure appropriate safeguards are in place for such transfers.

7. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

8. Third-Party Services

Our service may contain links to third-party websites or services. This Privacy Policy does not apply to such third-party services. We encourage you to read the privacy policies of any third-party services you use.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:

• Posting the updated policy on this page
• Updating the "Last updated" date
• For significant changes, providing additional notice on our website

10. Contact Information

11. Governing Law

This Privacy Policy is governed by and construed in accordance with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

← Back to 2FA Generator