2FAS Privacy Policy

Two Factor Authentication Privacy Policy – Effective Date Aug 18, 2022.

Who We Are. Two Factor Authentication Service, Inc. (“2FAS”) provides security tokens for Users to use as secondary login authentication on any website that supports TOTP or HOTP two-factor authentication tokens. We are a registered Delaware corporation, with a registered office at 16192 Coastal Highway, Lewes, DE 19958 and a mailing address at 1887 Whitney Mesa Dr #2130 Henderson, Nevada 89014.

Our Commitment to Your Privacy. Two Factor Authentication Service, Inc. , (“we”, “our”, “us”, or “2FAS”) is committed to protecting your privacy. The term “you”, “your”, and “User” is used to refer to individuals and business entities that use all pages associated with our Site, 2FAS BE and 2FAS Application. This Privacy Policy sets forth how we use and protect Personal Information that you give when you sign up for the 2FAS Services under the Terms of Service, use the pages associated with our Site, 2FAS BE or use the 2FAS Application. By using our Site, 2FAS BE or 2FAS Application, you agree to this Privacy Policy.

Scope of this Privacy Policy. You recognize that this Privacy Policy does not apply to any data, including Personal Information, that you may give to, or store in the, websites and mobile applications that you access using 2FAS’s solution. We provide tokens solely for the purpose of providing you with a secure manner of accessing your online accounts. 2FAS has posted additional privacy provisions that apply to residents of California and the European Economic Area (EEA).

Consent to Changes. We reserve the right, in our sole discretion, to change, modify, add, or remove portions of this Privacy Policy at any time, without prior notice to you. All revisions will be posted on this page. Please check the Effective Date of the Privacy Policy for the most recent version. Please review this Privacy Policy for changes. Your continued use of the pages associated with this website constitutes your acceptance of any changes. Notwithstanding the foregoing, we will endeavor to notify those Users who have provided us with an email address via email when a new version of this Privacy Policy goes into effect.

Definitions.

Device means the mobile device (phone, tablet, and the like) that you use to download and use the 2FAS Services.
2FAS Application means our application that allows Users to generate TOTP (Time-based one-time password) or HOTP (HMAC-based one-time password algorithm) tokens for any website or other application that supports TOTP or HOTP two-factor authentication tokens.
2FAS Browser Extension (“2FAS BE”) means a small software module for customizing a web browser in a way to receive tokens from the 2FAS Application.
Personal Information means information that identifies or can be reasonably linked to you or someone in your household. This includes, but is not limited to: Device ID, Email address, and records of services purchased from us.
PIN means the Personal Identification Number you can set in order to open the 2FAS Application on your Device.
Privacy Policy means this document, which includes California specific provisions and GDPR specific provisions.
2FAS Services or Services means all products and services that 2FAS currently provides or may provide in the future.
Site means all webpages and 2FAS Application screens associated with the Services provided by 2FAS.
Terms of Service means the document that you agreed to be bound to when you use 2FAS’s Application. The most recent version of the Terms of Service can be found here.

Information Collected. As part of our commitment to your privacy, we work to reduce the amount of Personal Information that we collect and store about our Users. However, you recognize that in order to provide the 2FAS Services, we must collect and store certain information. By using the 2FAS Services and agreeing to this Privacy Policy, you grant us consent to use and store such information. In accordance with the terms and conditions of our Terms of Service, we collect and store the following information:

Device ID (including brand, model, unique ID, operating system info, and storage state)
Cookies and analytics

Collection Purpose. We collect Personal Information about you for a variety of reasons.

In order for you to use 2FAS Services and receive tokens, we must have access to your Device ID. In order to receive push notifications from the 2FAS Application, you must provide us with your Device ID. We collect information to detect and prevent fraud and security breaches.
We collect information to improve the 2FAS Services and provide customer support. This may include detecting technical issues, maintaining Services, improving Services through the use of analytics, and conducting research and reviewing analytics to improve current Services and develop new Services.
We collect information to comply with applicable laws and assert and defend claims brought against us.
We do not use your Personal Information for purposes that are not in the spirit of the original collection purpose.

How we use the Personal Information that we collect about you. We only use the Personal Information you provide for the reasons listed above. We do not and will never sell, trade, or otherwise transfer your Personal Information to an unrelated third party for marketing, advertising, or other uses. We do share your information with third parties only in order to provide the 2FAS Services, including push notifications, payment processors for donors, email processing for those who provided it to us in order to contact us, and security and fraud prevention. You can read more about the Personal Information that we share with third parties in Section 13.

Cookies, Analytics, Etc.

In addition to Personal Information, we collect information about your visit to our Site and use of our Services. This data may be entered voluntarily or collected passively. We use this information to operate, provide, and improve our Services and monitor for fraud and security breaches. You can change the settings on your computer, tablet, or mobile Device to disable certain passive tracking data.
Cookies. Our Site uses cookies to track the pages that you visit and the links that you click. A cookie is a very small text document, which often includes an anonymous unique identifier. When you visit a website on your computer, tablet, or smartphone, that site’s computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies. Each website can send its own cookie to your browser if your browser’s preferences allow it, however, to protect your privacy, your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other sites. Information is compiled in an aggregate manner and used for marketing and analytics purposes.
Analytics. Analytics allow us to understand how and why Users use our Services, Site, and the 2FAS Application. Understanding how and why allows us to tailor and improve our Services to better serve our Users’ needs.
What analytics we use. We use Google Analytics to understand our Users’ how and why. You can read more about Google Analytics here (https://policies.google.com/technologies/partner-sites),
How to opt-out on your end. If you do not want cookies, analytics to be collected about you, please disable cookies on your web and mobile browsers.

Opt-Out.

Right to opt-out of sale of your Personal Information. We do not and will never sell, trade, or otherwise transfer your Personal Information to an unrelated third party for marketing, advertising, or other uses.

Deletion. You have the right to request that we delete the Personal Information we have gathered on you. However, if any of the Personal Information is required in order to provide you with 2FAS Services, then you will not be able to use 2FAS Services if we delete your Personal Information. Please read the Section 7 above to learn about what Personal Information is required for us to provide you the 2FAS Services.

Children’s Privacy. 2FAS is committed to the privacy and security of Personal Information relating to children. For this reason, the Services provided by us are not to be used by anyone under the age of 16. If we discover that you are under the age of 16, we reserve the right to remove your access to all Services. By agreeing to this Privacy Policy and using the Services, you represent that you are over the age of 16.

Sharing Information with Third Parties. We do not and will never sell, trade, or otherwise transfer your Personal Information to an unrelated third party for marketing, advertising, or other uses. Unrelated third parties do not include those that assist us in performing the 2FAS Services. We may release your Personal Information when it is appropriate to comply with the law, enforce this Privacy Policy, assert and defend claims brought against us, or protect its or others’ rights, property, or safety.

Links to Other Websites. 2FAS’s Site, 2FAS BE and the 2FAS Application may contain links to other websites which are of interest to our Users. These third party websites have separate and independent privacy policies. 2FAS has no responsibility or liability for the content or activities of the websites accessible via the links and it is your responsibility to review and comply with any applicable privacy policy. 2FAS is not responsible for and does not endorse any third party website.

Contact Us. You may contact us via email at [email protected] with the subject line “Privacy Policy” and a description of your question, issue, or deletion request in the body of the email.

Notice. Notices under this Privacy Policy may be posted to our Site and sent via email to Users who have provided us with an email address.

California Consumer Privacy Act Compliance Supplement

Application. Who does the CCPA applies to?

The California Consumer Privacy Act of 2018 (“CCPA”) only applies to residents of California. A “resident” is a natural person who resides in California.

Definitions.

Device means the mobile device (phone, tablet, and the like) that you use to download and use the 2FAS Services.
2FAS Application means the application that allows Users to generate TOTP (Time-based one-time password) or HOTP (HMAC-based one-time password algorithm) tokens for any website or other application that supports TOTP or HOTP two-factor authentication tokens.
2FAS Browser Extension (“2FAS BE”) means a small software module for customizing a web browser in a way to receive tokens from the 2FAS Application.
Personal Information means information that identifies or can be reasonably linked to you or someone in your household. This includes, but is not limited to: Device ID, Email address, and records of services purchased from us.
PIN means the Personal Identification Number you can set in order to open the 2FAS Application on your Device.
Privacy Policy means this document, which includes California specific provisions and GDPR specific provisions.
2FAS Services or Services means all products and services that 2FAS currently provides or may provide in the future.
Site means all webpages and 2FAS Application screens associated with the Services provided by 2FAS.
Terms of Service means the document that you agreed to be bound to when you use 2FAS’s Application. The most recent version of the Terms of Service can be found here.

Notice at Collection. We are providing you this Notice at Collection in compliance with the CCPA. You must read and accept this Notice at Collection prior to submitting any Personal Information to us as part of creating your account and signing up for the 2FAS Services.

Right to Know. As a California resident, you have the Right to Know certain information regarding the Personal Information that we gather about you. We will respond to your Right to Know request within forty-five (45) calendar days. If we are unable to process your request within forty-five (45) calendar days, then we will inform you that we have extended the deadline for an additional forty-five (45) days. As part of our process for answering your Right to Know request, we will need to ask you additional information in order to verify that you are actually the person you claim to be. We will only use this requested information as part of our verification process and not for any other reason.

We collect the following Personal Information:
1. Categories of Personal Information collected
  1. Device ID
  2. Email address of users who contacted us through email
2. Specific pieces of Personal Information collected
  1. Device ID
    1. Brand
    2. Model
    3. Unique ID
    4. Operating system info
    5. Storage state
  2. Contact Information of users who contacted us through email
    1. Email address
  3. Categories of sources from which we collect your Personal Information
    1. We store the email address of users who contacted us through email.
    2. Once you download the 2FAS Application and begin to use the 2FAS Services, the 2FAS Application will record your Device ID.
  4. Purpose for which we collect your Personal Information
    1. We collect the Personal Information listed above in order to provide Services to you. In order for you to use 2FAS Services and receive tokens, we must have access to your Device ID. In order to receive push notifications from the 2FAS Application, you must provide us access to your Device ID.
    2. We collect the email addresses of users who sent us an email in order to reply and contact them back.
  5. Categories of third parties with whom we share your Personal Information
    1. We may share your email address with third parties in order to send email to you through 3rd party service.
    2. We may share your Personal Information (including email address) for processing payment companies if you want to donate to us.
  6. Categories of Personal Information that we share, sell, or disclose to third parties
    1. We do not and will never sell, trade, or otherwise transfer your Personal Information to an unrelated third party for marketing, advertising, or other uses.
    2. Unrelated third parties do not include those that assist us in performing our Services (including but not limited to include 2FAS Application push notifications, payment processors, email processing, and security and fraud prevention).
    3. We may release your Personal Information when it is appropriate to comply with the law, enforce this Privacy Policy, or protect ours or others’ rights, property, or safety.
Procedure for requesting your Personal Information:
1. You may contact us via email at [email protected] with the subject line “CCPA Right to Know” and a description of the Personal Information that you are requesting in the body of the email.
We may refuse to disclose your Personal Information if:
1. We cannot verify your request.
2. Your request is manifestly unfounded or excessive.
3. If we have already provided you with the requested Personal Information more than two times in the prior 12-month period.
4. You request that we disclose Personal Information that is your password or PIN. 2FAS does not collect any of this information from Users.

Right to Delete. As a California resident, you have the Right to Delete certain Personal Information that we gather about you. We will respond to your Right to Delete request within forty-five (45) calendar days. If we are unable to process your request within forty-five (45) calendar days, then we will inform you that we have extended the deadline for an additional forty-five (45) days. As part of our process for answering your Right to Delete request, we will need to ask you additional information in order to verify that you are actually the person you claim to be. We will only use this requested information as part of our verification process and not for any other reason.

Procedure to request your Personal Information be deleted:
1. You may contact us via email at [email protected] with the subject line “CCPA Right to Delete” and a description of the Personal Information that you are requesting in the body of the email
In some cases, we may not be able to delete the Personal Information that you request and still provide you Services under the Terms of Service. For example, in order for you to use 2FAS Services and receive tokens, we must have access to your Device ID. In order to receive push notifications from the 2FAS Application, you must provide us access to your Device ID.

Right to Opt-Out. As a California resident, you have the Right to “Opt-Out” from a business’s practice of selling your Personal Information. 2FAS has the policy of not selling, trading, or otherwise transferring your Personal Information to an unrelated third party for marketing, advertising, or other uses. If our policy changes in the future, we will notify you prior to selling, trading, or otherwise transferring your Personal Information to an unrelated third party for marketing, advertising, or other uses and obtain your consent for such practices. At such a time, this Privacy Policy will be updated to outline the procedure for opting out of such sale, trade, or transfer.

Right to Non-Discrimination. We will not discriminate against you based on your exercise of your rights under the CCPA. However, if we are unable to process your CCPA request and continue to provide you 2FAS Service under the Terms of Service, then you may no longer be able to receive 2FAS Service under the Terms of Service.

No Sale. 2FAS has not sold California residents’ Personal Information over the past 12-month time frame and does not intend to do so. This includes the Personal Information of children under the age of sixteen (16).

Data Breaches. In accordance with California Civ. Code s. 1798.82(a), we will notify you if your unencrypted Personal Information was, or we have reason to believe has been, acquired by an unauthorized person. In addition, we will notify you if your encrypted Personal Information was, or we have reason to believe has been, acquired by an unauthorized person and the encryption key was, or we have reason to believe has been, acquired by an unauthorized person and we have reason to believe that the encryption key could be used to make your Personal Information readable or usable. Such notification may be posted to our Site and sent via email to Users who have provided us with an email address. It will be titled “Notice of Data Breach”, and it will include:

What Happened
What Personal Information was Involved
What We Are Doing
What You Can Do
Where to go For More Information

You may contact us via email at [email protected] with the subject line “CCPA Privacy Policy” and a description of your question, issue, or deletion request in the body of the email.

Notice. Notices under this Privacy Policy may be posted to our Site and sent via email to Users who have provided us with an email address.

Two Factor Authentication Privacy Policy – Effective Date Aug 18, 2022.

Definitions.

Device means the mobile device (phone, tablet, and the like) that you use to download and use the 2FAS Services.
2FAS Application means our application that allows Users to generate TOTP (Time-based one-time password) or HOTP (HMAC-based one-time password algorithm) tokens for any website or other application that supports TOTP or HOTP two-factor authentication tokens.
2FAS Browser Extension (“2FAS BE”) means a small software module for customizing a web browser in a way to receive tokens from the 2FAS Application.
Personal Information means information that identifies or can be reasonably linked to you or someone in your household. This includes, but is not limited to: Device ID, Email address, and records of services purchased from us.
PIN means the Personal Identification Number you can set in order to open the 2FAS Application on your Device.
Privacy Policy means this document, which includes California specific provisions and GDPR specific provisions.
2FAS Services or Services means all products and services that 2FAS currently provides or may provide in the future.
Site means all webpages and 2FAS Application screens associated with the Services provided by 2FAS.
Terms of Service means the document that you agreed to be bound to when you use 2FAS’s Application. The most recent version of the Terms of Service can be found here.

Device ID (including brand, model, unique ID, operating system info, and storage state)
Cookies and analytics

Collection Purpose. We collect Personal Information about you for a variety of reasons.

In order for you to use 2FAS Services and receive tokens, we must have access to your Device ID. In order to receive push notifications from the 2FAS Application, you must provide us with your Device ID. We collect information to detect and prevent fraud and security breaches.
We collect information to improve the 2FAS Services and provide customer support. This may include detecting technical issues, maintaining Services, improving Services through the use of analytics, and conducting research and reviewing analytics to improve current Services and develop new Services.
We collect information to comply with applicable laws and assert and defend claims brought against us.
We do not use your Personal Information for purposes that are not in the spirit of the original collection purpose.

Cookies, Analytics, Etc.

In addition to Personal Information, we collect information about your visit to our Site and use of our Services. This data may be entered voluntarily or collected passively. We use this information to operate, provide, and improve our Services and monitor for fraud and security breaches. You can change the settings on your computer, tablet, or mobile Device to disable certain passive tracking data.
Cookies. Our Site uses cookies to track the pages that you visit and the links that you click. A cookie is a very small text document, which often includes an anonymous unique identifier. When you visit a website on your computer, tablet, or smartphone, that site’s computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies. Each website can send its own cookie to your browser if your browser’s preferences allow it, however, to protect your privacy, your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other sites. Information is compiled in an aggregate manner and used for marketing and analytics purposes.
Analytics. Analytics allow us to understand how and why Users use our Services, Site, and the 2FAS Application. Understanding how and why allows us to tailor and improve our Services to better serve our Users’ needs.
What analytics we use. We use Google Analytics to understand our Users’ how and why. You can read more about Google Analytics here (https://policies.google.com/technologies/partner-sites),
How to opt-out on your end. If you do not want cookies, analytics to be collected about you, please disable cookies on your web and mobile browsers.

Opt-Out.

Right to opt-out of sale of your Personal Information. We do not and will never sell, trade, or otherwise transfer your Personal Information to an unrelated third party for marketing, advertising, or other uses.

Contact Us. You may contact us via email at [email protected] with the subject line “Privacy Policy” and a description of your question, issue, or deletion request in the body of the email.

Notice. Notices under this Privacy Policy may be posted to our Site and sent via email to Users who have provided us with an email address.

California Consumer Privacy Act Compliance Supplement

Application. Who does the CCPA applies to?

The California Consumer Privacy Act of 2018 (“CCPA”) only applies to residents of California. A “resident” is a natural person who resides in California.

Definitions.

Device means the mobile device (phone, tablet, and the like) that you use to download and use the 2FAS Services.
2FAS Application means the application that allows Users to generate TOTP (Time-based one-time password) or HOTP (HMAC-based one-time password algorithm) tokens for any website or other application that supports TOTP or HOTP two-factor authentication tokens.
2FAS Browser Extension (“2FAS BE”) means a small software module for customizing a web browser in a way to receive tokens from the 2FAS Application.
Personal Information means information that identifies or can be reasonably linked to you or someone in your household. This includes, but is not limited to: Device ID, Email address, and records of services purchased from us.
PIN means the Personal Identification Number you can set in order to open the 2FAS Application on your Device.
Privacy Policy means this document, which includes California specific provisions and GDPR specific provisions.
2FAS Services or Services means all products and services that 2FAS currently provides or may provide in the future.
Site means all webpages and 2FAS Application screens associated with the Services provided by 2FAS.
Terms of Service means the document that you agreed to be bound to when you use 2FAS’s Application. The most recent version of the Terms of Service can be found here.

We collect the following Personal Information:
1. Categories of Personal Information collected
  1. Device ID
  2. Email address of users who contacted us through email
2. Specific pieces of Personal Information collected
  1. Device ID
    1. Brand
    2. Model
    3. Unique ID
    4. Operating system info
    5. Storage state
  2. Contact Information of users who contacted us through email
    1. Email address
  3. Categories of sources from which we collect your Personal Information
    1. We store the email address of users who contacted us through email.
    2. Once you download the 2FAS Application and begin to use the 2FAS Services, the 2FAS Application will record your Device ID.
  4. Purpose for which we collect your Personal Information
    1. We collect the Personal Information listed above in order to provide Services to you. In order for you to use 2FAS Services and receive tokens, we must have access to your Device ID. In order to receive push notifications from the 2FAS Application, you must provide us access to your Device ID.
    2. We collect the email addresses of users who sent us an email in order to reply and contact them back.
  5. Categories of third parties with whom we share your Personal Information
    1. We may share your email address with third parties in order to send email to you through 3rd party service.
    2. We may share your Personal Information (including email address) for processing payment companies if you want to donate to us.
  6. Categories of Personal Information that we share, sell, or disclose to third parties
    1. We do not and will never sell, trade, or otherwise transfer your Personal Information to an unrelated third party for marketing, advertising, or other uses.
    2. Unrelated third parties do not include those that assist us in performing our Services (including but not limited to include 2FAS Application push notifications, payment processors, email processing, and security and fraud prevention).
    3. We may release your Personal Information when it is appropriate to comply with the law, enforce this Privacy Policy, or protect ours or others’ rights, property, or safety.
Procedure for requesting your Personal Information:
1. You may contact us via email at [email protected] with the subject line “CCPA Right to Know” and a description of the Personal Information that you are requesting in the body of the email.
We may refuse to disclose your Personal Information if:
1. We cannot verify your request.
2. Your request is manifestly unfounded or excessive.
3. If we have already provided you with the requested Personal Information more than two times in the prior 12-month period.
4. You request that we disclose Personal Information that is your password or PIN. 2FAS does not collect any of this information from Users.

Procedure to request your Personal Information be deleted:
1. You may contact us via email at [email protected] with the subject line “CCPA Right to Delete” and a description of the Personal Information that you are requesting in the body of the email
In some cases, we may not be able to delete the Personal Information that you request and still provide you Services under the Terms of Service. For example, in order for you to use 2FAS Services and receive tokens, we must have access to your Device ID. In order to receive push notifications from the 2FAS Application, you must provide us access to your Device ID.

What Happened
What Personal Information was Involved
What We Are Doing
What You Can Do
Where to go For More Information

You may contact us via email at [email protected] with the subject line “CCPA Privacy Policy” and a description of your question, issue, or deletion request in the body of the email.

Notice. Notices under this Privacy Policy may be posted to our Site and sent via email to Users who have provided us with an email address.