Privacy
Safecertus Authenticator — privacy policy
Last updated: 2026-05-11
Certus ITM LLC ("CertusITM", "we", "our", or "us") operates the Safecertus Authenticator mobile applications and the Safecertus Identity Provider backend (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the Service.
Safecertus Authenticator is an enterprise security application intended for users whose organization has implemented the Safecertus Identity Provider, and for individual users who choose to manage their multi-factor authentication codes through the App.
1. Scope
This Privacy Policy applies to:
- The Safecertus Authenticator iOS application (com.safecertus.app).
- The Safecertus Authenticator Android application (citm.safecertus.auth).
- The Safecertus Authenticator Wear OS companion application (citm.safecertus.auth.wear), which pairs with the Android phone application to deliver authentication prompts on smart watches.
- The Safecertus Authenticator watchOS companion application, which pairs with the iPhone application to deliver authentication prompts on Apple Watch.
- Related authentication services provided by the Safecertus Identity Provider backend.
It does not apply to third-party services integrated by your organization.
2. Information we collect
We collect only information necessary to provide secure authentication services.
2.1 Information you provide
- Email address (corporate or personal).
- Organization identifier (if applicable).
- Time-based One-Time Password (TOTP) secrets that you choose to import via QR-code scan or manual entry. TOTP secrets are stored only on your device, encrypted at rest using Android Keystore / Apple Keychain.
For organization-managed accounts, enrollment is initiated through your organization's Safecertus portal. For personal TOTP entries, you initiate enrollment by scanning a QR code or entering a secret manually inside the App.
2.2 Device information
When you enroll a device, we may collect:
- Device identifier (internal ID).
- Device platform (iOS, Android, or Wear OS).
- Push notification token: APNs token on Apple devices, FCM (Firebase Cloud Messaging) token on Android devices. Push tokens are rotated periodically and can be revoked at any time.
- App version.
- Operating system version.
This information is used solely for authentication and security purposes.
2.3 Authentication and security logs
To maintain security and audit integrity, we may collect:
- Login attempt metadata.
- MFA approval or rejection events.
- IP address (associated with authentication attempts).
- Timestamp of security events.
- Access events for TOTP codes shared between Safecertus users (Phase 1B collaborative sharing).
These logs are used strictly for:
- Security monitoring.
- Fraud prevention.
- Compliance and audit requirements.
2.4 Ephemeral data (never stored)
The following are processed in memory only and never transmitted or persisted:
- Camera frames — captured solely during QR-code scanning. Images are decoded in memory and discarded immediately.
- Bluetooth Low Energy radio packets — exchanged transiently during proximity-share sessions to negotiate a pairing handshake. No persistent log is kept.
- Ultra-Wideband (UWB) distance measurements — produced while a proximity-share session is active. Used only for the "near" / "far" UI cue and discarded when the session ends.
3. Information we do NOT collect
Safecertus Authenticator does NOT collect:
- Location data (GPS or coarse geolocation).
- Contacts.
- Photos or media library content.
- Financial information.
- Health data.
- Advertising identifiers.
- Cross-app tracking data.
- Biometric templates (fingerprint, face, voice).
The App does not track users across other apps or websites.
4. Permissions we request (Android)
- CAMERA — required to scan QR codes when enrolling new TOTP accounts or MFA push devices. We do not record, store, or transmit camera frames.
- POST_NOTIFICATIONS — required to alert you about incoming MFA push challenges and TOTP-share invitations.
- USE_BIOMETRIC / USE_FINGERPRINT — required to authorize sensitive actions with fingerprint or face recognition. Biometric data is processed locally by the Android operating system.
- INTERNET — required to communicate with our backend.
- BLUETOOTH_SCAN, BLUETOOTH_ADVERTISE, BLUETOOTH_CONNECT, ACCESS_FINE_LOCATION — required for the proximity-share feature. Used only while the proximity-share screen is open.
- UWB_RANGING — optional. Used to refine proximity-distance estimation when both devices support Ultra-Wideband.
5. How we use information
We use collected information exclusively to:
- Provide multi-factor authentication services.
- Send authentication push notifications.
- Forward MFA push notifications to your paired smart-watch (Wear OS or watchOS).
- Verify device identity.
- Detect and prevent unauthorized access.
- Enable users in the same organization to share TOTP codes with each other (Phase 1B collaborative sharing).
- Maintain system security and integrity.
- Comply with legal or regulatory obligations.
We do not use collected data for advertising, analytics profiling, or training machine-learning models. The App contains no advertising SDKs and no third-party analytics SDKs.
6. Legal basis for processing (if applicable)
If you are located in a jurisdiction requiring a legal basis for data processing (such as the European Economic Area), processing is based on:
- Legitimate interest in securing enterprise systems.
- Contractual necessity (where authentication services are required by your organization).
- Legal compliance obligations.
- Consent (where you opt in to personal TOTP storage).
7. Data sharing and disclosure
We do not sell personal information. We may share limited data:
- With your organization (as the data controller).
- With infrastructure providers strictly necessary to operate the Service (cloud hosting, Apple Push Notification service, Google Firebase Cloud Messaging).
- When required by law or legal process.
All service providers are contractually obligated to maintain confidentiality and security.
8. Data retention
- Account email + device tokens: retained until you delete your account or request deletion.
- TOTP secrets you create: stored on your device. If you uninstall the App, the local data is wiped. You may also delete individual TOTP entries at any time from inside the App.
- MFA push challenge records (timestamps, device IDs, approval status): retained 90 days for security audit purposes, then automatically purged.
- Audit logs of access to shared TOTP codes: retained 90 days.
9. Data security
We implement appropriate technical and organizational measures to protect information, including:
- Encrypted transmission (TLS 1.2 or higher).
- TOTP secrets at rest encrypted with AES-256-GCM, using a server-side master key for shared TOTPs and the platform-native secure enclave (Android Keystore / Apple Keychain) for local TOTPs.
- Secure token-based authentication.
- Device-bound credentials.
- Access controls.
- Audit logging.
No system can guarantee absolute security, but we maintain industry-standard safeguards.
10. Biometric information
The App may use Face ID, Touch ID, fingerprint, or face recognition to confirm user presence before approving authentication requests. Biometric data:
- Is processed locally on your device.
- Is not transmitted to Safecertus servers.
- Is not stored by Safecertus.
On Apple devices, biometric authentication is handled exclusively by Apple's Secure Enclave and operating system APIs. On Android devices, biometric authentication is handled exclusively by Android's BiometricPrompt and the hardware-backed Android Keystore.
11. Your rights
Depending on your jurisdiction, you may have rights to:
- Access personal data.
- Request correction.
- Request deletion.
- Restrict processing.
- Object to certain processing.
- Lodge a complaint with your local data protection authority.
Because Safecertus Authenticator operates within an enterprise environment, requests should generally be directed to your organization's administrator. You may also contact us directly at the email below.
12. International data transfers
Certus ITM LLC is incorporated in the United States. Data we hold on our servers is processed in the United States. If you access the Service from outside the United States, you consent to this transfer. We implement safeguards appropriate to applicable law to protect such transfers.
13. Children's privacy
Safecertus Authenticator is not intended for use by children under 13 years of age, in accordance with the U.S. Children's Online Privacy Protection Act (COPPA). In jurisdictions with higher minimum ages (such as 16 in parts of the European Economic Area), the higher local age applies. We do not knowingly collect personal data from children below the applicable minimum age.
14. Changes to this policy
We may update this Privacy Policy from time to time. Updates will be reflected by revising the "Last Updated" date. Continued use of the App after changes constitutes acceptance of the updated policy.
15. Contact information
- Certus ITM LLC
- Houston, Texas, United States
- Privacy inquiries: privacy@safecertus.com
- General contact: administration@certusitm.com
- Website: https://safecertus.com