Privacy Policy

1. Introduction

Authoryx ("the Application", "we", "our", or "us") is a product of Autum Labs LLP. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our mobile application, website, and related services (together, "the Service").

By using Authoryx, you agree to the collection and use of information in accordance with this Privacy Policy.

If you have questions about this policy or our data practices, please contact us at [email protected].

2. Definitions

• Account: A unique user profile created for you to access our Service.
• Application / Service: Authoryx, the OTP-sharing and group collaboration application provided by Autum Labs LLP.
• Personal Data: Any data that relates to an identified or identifiable individual.
• Device: Any device that can access the Service, such as a phone, tablet, or computer.
• Service Provider: Any entity processing data on behalf of Authoryx (e.g., Firebase, cloud hosting providers, email providers).
• Usage Data: Data collected automatically when you use the Service, such as device info, logs, and interactions.

3. Data We Collect

We collect information in the following categories:

A. Personal Data You Provide

When you use Authoryx, we may collect:

• Email address (for account creation, login, welcome emails, and password resets)
• First name and last name (for profile display)
• Phone number (for verification or group invites)
• Profile name, group name, and any content you input or configure for input from notifications (e.g., OTPs from notifications/shortcuts, Groups or Circles, Profiles)
• Support or feedback information (when contacting us)

B. Usage Data (Automatically Collected)

When you use the app, we automatically collect:

• Device identifiers (Firebase Instance IDs, Installation IDs)
• Device type, OS version, app version
• IP address, region, time zone
• Log and crash data (Firebase Crashlytics)
• In-app activity, session duration, features used
• Diagnostic and performance data (for stability and analytics)

C. OTPs and Sensitive Data

Authoryx facilitates sharing of One-Time Passwords (OTPs) and short-lived codes within private groups ("Circles").

• OTPs are transmitted securely and stored only as long as necessary to deliver them to intended recipients.
• All messages and OTPs are encrypted in transit and at rest.
• We do not permanently store OTPs on our servers beyond the retention period required for overall functionality.

D. Contacts and Device Permissions

• With your consent, Authoryx may access your contacts to help you invite or connect with users.
• Contacts are only used to find or invite friends and are not uploaded without your permission.
• To enable automatic OTP capture and filtering, Authoryx may request explicit user permission for Notification Access only when you enable that feature. These permissions are used solely to detect short-lived OTPs on your device and are not used to upload or share notification content without your clear consent.
• You can enable or disable access to these permissions at any time in your device settings.

Summary

Authoryx may collect the following categories of data for core functionality and app performance:

• Personal information (email, name, phone number)
• Contacts (only when user grants permission)
• App activity and device identifiers (for analytics and security)
• Diagnostics and crash logs (to improve reliability)
• Notifications to filter out required OTPs as configured by user (only when user grants permissions)
• We do not collect precise location data, financial information, or biometric identifiers.

4. Firebase and Third-Party Services

We use trusted third-party services to operate core features of Authoryx:

A. Firebase (Google LLC)

We use Firebase for:

• Push notifications (Firebase Cloud Messaging)
• Device identification (Instance IDs / Installation IDs)
• Crash reporting (Firebase Crashlytics)
• Analytics and performance monitoring (Firebase Analytics)
• We use Firebase Analytics solely for internal performance insights and crash diagnostics. No personal data is used for advertising, profiling, or shared with Google for marketing purposes.

Firebase may collect device-related identifiers and analytic data. Firebase's data use is governed by Google's Privacy Policy: https://policies.google.com/privacy

B. Email and Communication Providers

We use secure third-party email services to send:

• Welcome and verification emails
• Password reset emails
• Account and security notifications

Only the necessary data (email address and message metadata) is shared with these providers.

C. Azure (Microsoft Corporation)

We use Microsoft Azure for:

• Cloud infrastructure and hosting services
• Secure data storage and backup
• Application deployment and scaling
• Database management and security

Azure may process data in accordance with Microsoft's data processing standards. Azure's data use is governed by Microsoft's Privacy Statement: https://privacy.microsoft.com/privacystatement

In addition to Firebase and Microsoft Azure, Authoryx may use:

• Other cloud hosting providers (e.g., Google Cloud, AWS, or similar) for secure infrastructure and data storage.
• Analytics providers (e.g., Google Analytics for Firebase) to understand app usage trends.

All such providers are bound by strict confidentiality and data protection agreements.

5. How We Use Your Data

We use collected information to:

• Provide and maintain the Service
• Create and manage your Account
• Send transactional emails (welcome, password reset, verification)
• Deliver OTPs and facilitate secure group communication
• Notify you about updates, features, or policy changes
• Respond to customer support requests
• Analyze performance, detect bugs, and improve user experience
• Ensure legal compliance and protect against fraud or abuse
• Conduct internal analytics (aggregated and anonymized)
• Authoryx does not perform automated decision-making or profiling that has legal or significant effects on users.

Legal Basis for Processing (for EU/EEA Users)

We process your Personal Data under one or more of the following legal bases:

• Consent: When you provide permission (e.g., for marketing or optional analytics).
• Contractual Necessity: To perform our obligations under the Terms of Service (e.g., delivering OTPs, maintaining your account).
• Legitimate Interests: To improve security, analyze app performance, and prevent fraud.
• Legal Obligation: To comply with applicable laws and regulations.

6. Sharing of Your Data

We may share your Personal Data under the following circumstances:

• With Service Providers: For hosting, analytics, email, crash reporting, and technical support.
• With Affiliates or Business Partners: Only as needed to provide requested features.
• In Business Transfers: In case of a merger, acquisition, or sale, with prior notice.
• For Legal Reasons: To comply with lawful requests, subpoenas, or investigations.
• With Your Consent: When you explicitly authorize sharing (e.g., group invitations).

We do not sell or rent your personal data.

7. Data Retention

• Personal Data is retained only as long as necessary to fulfill the purposes described here.
• OTPs and messages are temporary and removed once delivered, and timeouts for Tap-To-View OTP messages.
• Account data is retained until you delete your account or request deletion.
• Some data (e.g., logs or backups) may persist briefly for security, legal, or operational reasons.
• When you delete your account, all associated personal data and identifiers will be permanently removed within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, legal obligations).

8. Data Transfer and International Processing

Your information may be stored and processed in countries other than your own. We ensure appropriate safeguards (such as Standard Contractual Clauses or equivalent legal mechanisms) for international data transfers to ensure compliance with GDPR and other laws.

9. Security of Your Data

We implement industry-standard safeguards:

• Encryption in transit (TLS/SSL)
• Encryption at rest (for sensitive data)
• Secure authentication (tokens, hashed passwords)
• Role-based access control for internal staff

Despite these measures, no transmission or storage system is fully secure. If a data breach occurs, we will notify affected users and regulators within 72 hours of becoming aware, where required by law.

10. Cookies and Tracking Technologies

We and our partners may use cookies, local storage, or similar technologies for:

• Session management
• Authentication
• Analytics and performance
• Personalizing user experience

You can disable cookies in your device or browser settings, but this may affect certain features.

11. Children's Privacy

Authoryx is not intended for children under the age of 13, and we do not knowingly collect data from anyone under 13.

Because the app does not request age information, we cannot always identify users' age. If we discover that data from a child under 13 was collected without parental consent, we will delete it immediately.

If you believe your child has used Authoryx and shared personal information, please contact [email protected].

12. Your Rights

Depending on your location, you may have the following rights:

A. GDPR (European Union / EEA residents)

Data Controller

Autum Labs LLP
Registered in Bhopal, Madhya Pradesh, India
For GDPR purposes, Autum Labs LLP is the data controller of your personal data.

You have the right to:

• Access, correct, or delete your personal data
• Restrict or object to processing
• Withdraw consent at any time
• Data portability (receive a copy of your data in a structured format)
• Lodge a complaint with your local data protection authority

To exercise GDPR rights, contact [email protected].

B. CCPA / CPRA (California, USA residents)

California residents have the right to:

• Know the categories and specific pieces of personal information collected, used, and disclosed
• Request deletion of personal information
• Opt-out of the sale or sharing of personal information (we do not sell data)
• Be free from discrimination for exercising privacy rights

To make a request, email [email protected] with "California Privacy Request" in the subject line. We will verify your identity before processing the request.

C. CalOPPA (California Online Privacy Protection Act)

We do not currently respond to browser "Do Not Track" (DNT) signals. You can manage privacy settings within the app and your device preferences. This Privacy Policy is accessible via our website and app as required under CalOPPA.

D. Other Regions

Users from other regions (India, UK, Canada, Australia, etc.) have equivalent data access and deletion rights under local privacy laws. Please contact [email protected] for assistance.

13. How to Exercise Your Rights

To submit a privacy request (access, correction, deletion, or complaint):

1. Email [email protected]
2. Include your Authoryx account email and sufficient details to verify your identity

We may ask for additional information to protect your account from unauthorized requests. We will respond within legally mandated timeframes (usually 30 days or as required).

14. Do Not Sell or Share My Personal Information

Authoryx does not sell user data. If we ever engage in data sharing that could be considered "sale" under applicable law, we will provide an opt-out mechanism ("Do Not Sell or Share My Info") via our website and in-app settings.

15. Links to Other Websites

Our Service may contain links to third-party websites (e.g., documentation, partner pages). We are not responsible for their content or privacy practices. Please review each site's privacy policy before providing personal information.

16. Updates to This Privacy Policy

We may update this Privacy Policy periodically.

• The "Last Updated" date at the top will reflect the most recent version.
• Significant changes will be notified via in-app notice or email (if applicable).
• Your continued use of Authoryx after updates constitutes acceptance of the revised policy.

17. Contact Us

If you have any questions, requests, or complaints regarding this Privacy Policy or your data, please contact:

Email: [email protected]

Website: https://www.authoryx.com/privacy