Privacy Policy

Effective as of 2026-05-20

This privacy policy applies to the Auth App (hereby referred to as "Application") for mobile devices, created by Juan Castro (hereby referred to as "Service Provider") as a free service. This service is intended for use "AS IS".


Information Collection and Use

The Application collects information you provide when creating an account or updating your profile. This includes:

This information is stored securely on the Service Provider's servers and is used solely to provide and maintain your account and the Application's features.


Authentication & Token Storage

The Application uses JSON Web Tokens (JWT) for authentication. Access tokens and refresh tokens are issued by the Service Provider's backend server. The refresh token is stored exclusively on your device using the operating system's secure storage (iOS Keychain / Android Keystore). It is never stored in plain text or in shared storage.


Third-Party Authentication Providers

The Application offers optional sign-in via third-party providers. When you choose to sign in with a provider, their SDK handles the authentication flow and the Application receives only a verification token. The following providers may be used:

The Service Provider does not receive your passwords from any of these providers.


Push Notifications

The Application uses Firebase Cloud Messaging (FCM), a service provided by Google LLC, to deliver push notifications. When you grant notification permission, a device token is generated by FCM and sent to the Service Provider's backend server. This token is used solely to route push notifications to your device and is not shared with third parties.


Biometric Data

The Application offers an optional biometric login (Face ID / Touch ID). Biometric data is processed entirely by the operating system and is never accessed, stored, or transmitted by the Application or the Service Provider. The Application only receives a success or failure response from the OS.


Data Sharing

The Service Provider does not sell, trade, or share your personal information with third parties, except as required to provide the services described in this policy (authentication providers, push notification delivery) or as required by law.


Data Retention & Deletion

Your account data is retained for as long as your account is active. You may request deletion of your account and all associated data by contacting the Service Provider at the email address below. Upon request, your data will be permanently deleted from the server within a reasonable timeframe.


Children

The Application is not directed at children under the age of 13. The Service Provider does not knowingly collect personal information from children under 13. If you believe your child has provided personal information, please contact the Service Provider to have it removed.


Security

The Service Provider takes reasonable measures to protect your information, including HTTPS encryption for all data in transit, secure token storage on-device, and SSL certificate pinning within the Application. However, no method of transmission over the internet is 100% secure.


Changes

This Privacy Policy may be updated from time to time. The Service Provider will notify you of any changes by updating this page. Continued use of the Application after any changes constitutes your acceptance of the new policy.

This privacy policy is effective as of 2026-05-20


Contact Us

If you have any questions regarding this Privacy Policy or wish to request data deletion, please contact the Service Provider at contact@authdemoapp-jec.com.