🔒 Legal

Privacy Policy

Last updated: May 2025

At 2FA.AC, your privacy is our priority. This policy explains what data we collect, how we use it, and how we protect it.

✅

Our Privacy Commitment

All tools on 2FA.AC process data locally in your browser. We do not collect passwords, secret keys, or any sensitive inputs. No account required. No data sold. Ever.

📋

1. Information We Collect

2FA.AC is designed with privacy at its core. We collect minimal information to operate the website:

• No Account Data: We do not require you to create an account or provide personal information to use any tool.

• No Passwords or Keys: All 2FA secret keys, passwords, and sensitive inputs are processed entirely in your browser. They are never transmitted to our servers.

• Basic Analytics: We may collect anonymous usage data such as page views and browser type to improve our service. This data does not identify you personally.

• LocalStorage: Some tools (like 2FA History) store data locally in your browser using localStorage. This data never leaves your device.

🔒

2. How We Use Your Information

The limited information we collect is used solely to:

• Operate and maintain the website

• Analyze aggregate usage patterns to improve our tools

• Detect and prevent technical issues or abuse

• Ensure the security and stability of the service

We do not sell, trade, or rent your information to third parties under any circumstances.

🌐

3. Browser-Based Processing

All cryptographic operations on 2FA.AC run entirely in your browser:

• TOTP Code Generation: Uses the Web Crypto API locally — your secret key never leaves your device.

• Password Breach Check: Uses k-anonymity — only a partial SHA-1 hash prefix is sent to HaveIBeenPwned API. Your actual password is never transmitted.

• Hash Generation: MD5, SHA-256, SHA-512 are all computed locally in your browser.

• JWT Decoding: JWT tokens are decoded client-side — nothing is sent to our servers.

• Base64 Encoding: Processed entirely in your browser using native JavaScript.

🍪

4. Cookies

2FA.AC uses minimal cookies:

• No Tracking Cookies: We do not use advertising or behavioral tracking cookies.

• Session Data: We may use essential session cookies required for website functionality.

• Third-Party APIs: Some tools use third-party APIs (Google DNS, HaveIBeenPwned, ipapi.co) which may have their own privacy policies. We recommend reviewing their policies.

You can disable cookies in your browser settings, though this may affect some functionality.

🔗

5. Third-Party Services

Some tools on 2FA.AC make requests to third-party APIs to provide their functionality:

• Google DNS API (dns.google): Used by the DNS Lookup tool to query DNS records.

• HaveIBeenPwned (api.pwnedpasswords.com): Used by the Password Breach Checker with k-anonymity protection.

• ipapi.co: Used by the IP Lookup tool to retrieve geolocation data for IP addresses.

• RDAP.org: Used by the WHOIS Lookup tool to retrieve domain registration information.

• QR Server (api.qrserver.com): Used by the QR Code Generator to create QR code images.

Each of these services has its own privacy policy. We encourage you to review them.

🛡️

6. Data Security

We take the security of our platform seriously:

• All pages are served over HTTPS to encrypt data in transit.

• We do not store any user-generated data on our servers.

• Sensitive operations (password checking, 2FA generation) are handled client-side only.

• We regularly review our tools and practices to maintain security standards.

Despite our best efforts, no internet transmission is 100% secure. We cannot guarantee absolute security of data transmitted to third-party APIs.

👶

7. Children's Privacy

2FA.AC is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, please contact us and we will take steps to remove that information.

✏️

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

• The "Last Updated" date at the top of this page will be revised.

• For significant changes, we may provide a more prominent notice.

• Your continued use of 2FA.AC after changes constitutes acceptance of the updated policy.

We encourage you to review this page periodically for any changes.

📧

9. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: hello@2fa.ac

• Website: 2fa.ac

We will respond to your inquiry within 7 business days.

Questions about your privacy?

We are happy to clarify anything in this policy.