2FA4G Privacy Policy

Effective Date: April 13, 2026

2FA4G ("we", "our", or "us") is a utility for importing OTP tokens on a phone and syncing supported tokens to a Garmin watch. This Privacy Policy explains what data is stored, how it is used, and which third-party services are involved.

1. Data Stored by the App

OTP data

  • token labels
  • issuer names
  • token secrets
  • token type and algorithm metadata
  • local sync state and HOTP counter state

This information is stored locally on your device. When you choose to sync to Garmin, supported tokens are also stored locally on the watch.

Purchase state

If you buy Pro access, purchase validation is handled through RevenueCat together with the App Store or Google Play billing systems. We do not receive your full card details.

Device and operational data

We may process limited operational data needed to make Garmin sync and entitlement checks work, such as device identifiers returned by Garmin Connect Mobile, entitlement status, and basic error information.

Camera access

If you choose to scan an OTP QR code, 2FA4G requests camera access on your device. Camera access is used only to scan QR codes for token import. We do not use the camera for advertising, profiling, or unrelated background collection as part of the normal product flow.

2. How We Use Data

We use data only to:

  • provide OTP import, storage, and Garmin sync
  • preserve local token state and HOTP counters
  • verify Pro entitlement status
  • diagnose reliability issues such as sync failures

3. Data Sharing

We do not sell OTP vault data.

We may rely on these third parties for limited product functions:

  • Garmin Connect Mobile for phone-to-watch communication
  • RevenueCat for entitlement management
  • Apple App Store and Google Play for billing and app distribution

These providers may process identifiers or billing-related metadata required for their services.

4. No Required Cloud Account

2FA4G does not require a separate first-party cloud account for normal token management and Garmin sync. The standard product flow is local-first.

5. Your Choices

You can:

  • delete tokens from inside the app
  • stop syncing tokens to the watch
  • uninstall the app to remove locally stored data from the phone
  • manage subscriptions through your App Store or Google Play account settings

If you remove the app from the watch, locally stored watch data may also be removed depending on Garmin platform behavior and your own actions.

6. Retention and Deletion

OTP data remains stored locally until you delete the token, remove the app, or clear local app data. Watch-side token data remains until you remove it through sync changes, uninstall the watch app, or Garmin removes local storage as part of device behavior. Operational and entitlement data is retained only as long as needed for the related feature or troubleshooting purpose.

7. Security Notes

2FA4G is designed to keep token data local, but you remain responsible for:

  • securing your phone and watch
  • protecting access to your store account
  • verifying imported token details before use

8. Children's Privacy

2FA4G is not designed specifically for children and does not knowingly collect personal data from children as a first-party service.

9. Changes

We may update this Privacy Policy from time to time. The latest version published at this URL is the current policy.

10. Contact

For privacy questions, contact [email protected].