隐私政策 - Authenticator Cloud

1. 信息收集

Authenticator Cloud 默认按“本地优先”设计，但在您使用登录、云同步和会员功能时，我们会收集和处理少量必要信息，以完成服务提供和安全校验。

未登录时，验证码数据默认仅保存在您的本地设备或浏览器扩展存储中
当您注册或登录账户时，我们会收集您的邮箱地址，用于账户识别、登录验证和安全通知
当您启用云同步时，我们会将同步所需的验证码数据上传到服务器，但数据在入库前会经过安全加密处理
当您使用会员订阅功能时，支付过程会交由第三方支付服务商处理，我们不会直接保存您的完整银行卡或支付账户信息
我们不会出售您的个人信息，也不会将验证码明文提供给任何第三方

2. 数据存储

为了提供必要功能，我们可能在本地或云端存储以下信息：

本地验证码密钥、服务名称、账户标识、图标、排序和界面偏好设置
账户登录相关信息，例如邮箱地址、登录会话、设备标识和会员状态缓存
备份导入导出过程中使用的加密备份数据
若启用云同步，服务器会保存加密后的验证码数据、同步时间、设备信息和订阅状态记录
若开通 VIP，我们会保存与订阅和支付状态相关的必要记录，用于识别会员权益是否生效

3. 数据安全

我们尽量将敏感信息暴露面压到最低，并对同步数据做加密保护：

本地验证码密钥和备份数据会使用加密方式存储，避免以明文形式暴露在普通存储中
启用云同步时，上传到服务器的是加密后的验证码数据，而不是可直接使用的明文密钥
服务器侧保存的是加密结果和必要的账户/设备元数据；除用户本人持有的有效会话外，其他人无法直接解密并使用这些验证码数据
支付信息由第三方支付服务商处理，我们仅接收订阅结果、订单状态和必要的支付标识
我们会持续更新安全策略、访问控制和代码实现，降低数据泄露和误访问风险

4. 功能说明

4.1 二维码扫描

二维码扫描和识别功能遵循本地优先原则：

扩展中的网页二维码扫描会在本地处理页面截图，不会把截图上传到我们的服务器
App 中的相机扫码和相册识别也以本地解析为主，不会因识别二维码而上传原始图片
二维码解析出的密钥只会用于生成验证码账户，是否同步到云端取决于您是否启用了对应功能

4.2 数据操作

不同功能对应的数据处理方式如下：

复制、显示、填写验证码等日常操作优先在本地完成
导出备份会生成加密文件，便于您在其他设备恢复
导入备份或登录后同步的数据，可能会在本地建立缓存，以便更快显示
若您启用 VIP 云同步，账户新增、编辑、排序、删除等操作可能在后台同步到云端

5. 数据访问

我们仅请求功能所需的最小权限，并尽量将访问范围限制在当前操作上下文内：

剪贴板访问：用于复制验证码
本地存储访问：用于保存验证码、本地缓存、偏好设置和备份信息
标签页或页面访问：用于识别网页二维码、自动填入验证码等浏览器扩展功能
相机或照片访问：仅在 App 中扫码或从相册导入二维码时使用
网络访问：用于登录、会员状态刷新、云同步、帮助内容获取和支付状态同步

6. 数据删除

您可以根据自己的使用方式控制数据保留和删除：

删除单个验证码账户，或清除当前设备上的本地数据
退出登录时选择是否保留本机缓存或清除本地数据
关闭云同步后停止继续上传新的同步数据
如需彻底停止使用，可删除本地数据、卸载扩展或 App，并联系我们处理账户层面的相关请求

7. 第三方服务

会员支付和订阅可能由第三方支付服务商处理，例如 Paddle、Apple 或 Google
联系我们表单可能使用第三方邮件与安全验证服务来完成发送和反滥用校验
这些第三方服务会按照各自的隐私政策处理其必须接触到的数据

8. 安全承诺

我们尽量减少明文敏感数据的存储和传输范围
我们会持续修复已发现的安全问题并更新实现
如果隐私策略、同步方式或支付流程发生明显变化，我们会同步更新本页内容

1. Information Collection

Authenticator Cloud is designed with a local-first approach, but some features require limited account, sync, and payment-related data to be processed.

When you stay signed out, your codes are primarily stored on your local device or browser extension storage
When you sign up or sign in, we collect your email address for account identification, login verification, and security-related communication
When you enable cloud sync, we upload the required authenticator data to our servers in encrypted form
When you subscribe to VIP, payment processing is handled by third-party payment providers and we do not directly store your full card details
We do not sell your personal data and we do not intentionally expose plaintext authenticator secrets to third parties

2. Data Storage

To provide the service, we may store the following information locally or on our servers:

Authenticator secrets, service names, account identifiers, icons, ordering, and interface preferences on your device
Account-related information such as email address, session state, device identity, and cached membership status
Encrypted backup data created during export and import workflows
If cloud sync is enabled, encrypted authenticator data, sync timestamps, device metadata, and subscription status records on our servers
If VIP is enabled, the minimum subscription and payment records required to determine entitlement status

3. Data Security

We minimize sensitive data exposure and protect sync data with encryption:

Authenticator secrets and backup data are stored locally in encrypted form rather than as easy-to-read plaintext
If cloud sync is enabled, the data uploaded to our servers is encrypted before storage
Our servers keep encrypted payloads plus the minimum account and device metadata required to operate the service
Payment details are handled by third-party payment providers; we only receive the status and identifiers needed to manage your subscription
We continue to update implementation details, access controls, and security practices to reduce exposure risk

4. Feature Description

4.1 QR Code Scanning

QR-related features remain local-first:

When the extension scans a QR code from a web page, the screenshot is processed locally and is not uploaded to our servers
When the App scans from the camera or a selected image, the QR content is parsed locally
The parsed secret is only used to create an authenticator entry; whether it syncs depends on the features you enable

4.2 Data Operations

Different features involve different data flows:

Daily actions such as viewing, copying, and filling codes are handled locally whenever possible
Backup export creates an encrypted file that you can move to another device
Imported or synced data may be cached locally to make the app feel immediate on next launch
If VIP cloud sync is enabled, account creation, edits, ordering, and deletion may sync in the background

5. Data Access

We request only the access required for the corresponding feature:

Clipboard access: to copy verification codes
Local storage access: to store codes, preferences, backup metadata, and local cache
Tab or page access: for extension features such as QR detection and code fill
Camera or photo access: only when the App scans a QR code or imports from an image
Network access: for sign-in, membership refresh, cloud sync, help content, and payment status updates

6. Data Deletion

You control how much data stays on the device or in the account:

You can delete individual authenticator entries or clear local device data
When signing out, you can choose whether to keep or remove local cached data on the device
If you stop using cloud sync, new changes will no longer be uploaded
You can remove local data, uninstall the extension or app, and contact us for account-level requests if needed

7. Third-Party Services

VIP payments and subscriptions may be processed by third-party providers such as Paddle, Apple, or Google
The contact form may use third-party email delivery and anti-abuse services
Those providers process the minimum data they need under their own privacy policies

8. Security Commitment

We try to keep plaintext exposure and data transmission to a minimum
We continue to patch known issues and improve the implementation
We will update this page when the privacy model, sync behavior, or payment flow changes in a meaningful way

隐私政策 Privacy Policy