Privacy Policy

1. Introduction

This Privacy Policy describes how UBXen ("we", "our", or "us") collects, uses, and protects your information when you use our two-factor authentication management service ("the Service").

We are committed to protecting your privacy and maintaining the security of your sensitive authentication data. This policy explains our practices regarding data collection, usage, and protection.

2. Information We Collect

2.1 Account Information

• Email Address: Required for account creation and communication
• Password: Securely hashed and stored for authentication
• PIN: Your 4-digit PIN for additional security (hashed and stored)
• Profile Information: Any optional information you provide

2.2 2FA Data

• 2FA Secrets: Encrypted with AES-256 before storage
• Service Names: Labels you assign to your 2FA keys
• Sharing Permissions: Who you've shared access with and their permission levels

2.3 Usage Information

• Login Activity: Timestamps and IP addresses for security monitoring
• Feature Usage: How you interact with the service for improvement
• Error Logs: Technical information to diagnose and fix issues

2.4 Communication Data

• Email Communications: Records of emails sent for notifications and sharing
• Support Interactions: Messages exchanged through our support channels

3. How We Use Your Information

3.1 Service Provision

• Authenticate your access to the platform
• Generate and display TOTP codes in real-time
• Enable secure sharing of 2FA codes with team members
• Send notification emails about sharing activities

3.2 Security and Safety

• Monitor for suspicious account activity
• Prevent unauthorized access and fraud
• Maintain audit logs for security purposes
• Comply with legal obligations

3.3 Service Improvement

• Analyze usage patterns to enhance features
• Identify and fix technical issues
• Develop new functionality based on user needs
• Optimize performance and reliability

4. Data Security Measures

4.1 Encryption

• Data at Rest: All 2FA secrets encrypted with AES-256
• Data in Transit: HTTPS/TLS 1.3 for all communications
• Password Security: Bcrypt hashing with salt
• Database Security: Encrypted database with restricted access

4.2 Access Controls

• Multi-factor authentication for admin access
• Role-based access control for team members
• Regular access reviews and permission updates
• Automatic session expiration and logout

4.3 Infrastructure Security

• Secure cloud hosting with trusted providers
• Regular security audits and penetration testing
• Automated backup and disaster recovery
• 24/7 monitoring and incident response

5. Data Sharing and Disclosure

5.1 We DO NOT Share Your Data Except:

• With Your Consent: When you explicitly share 2FA codes with team members
• Legal Requirements: If required by law, court order, or regulatory authority
• Security Purposes: To prevent fraud or protect user safety
• Service Providers: Trusted third parties who assist in service provision (under strict confidentiality)

5.2 We NEVER:

• Sell your personal information to third parties
• Share your 2FA secrets or codes with anyone
• Use your data for advertising or marketing to others
• Access your unencrypted 2FA secrets (we can't decrypt them)

6. Data Retention

6.1 Account Data

We retain your account information and 2FA data for as long as your account is active. Upon account deletion, we permanently remove all personal data within 30 days.

6.2 Log Data

Security logs and access records are retained for up to 90 days for security monitoring purposes, then automatically deleted.

6.3 Communication Records

Email notifications and support communications are retained for up to 1 year for service improvement and support purposes.

7. Your Privacy Rights

7.1 Access and Control

• View Your Data: Access all information we have about you
• Update Information: Modify your profile and account details
• Export Data: Download your 2FA configurations
• Delete Account: Permanently remove all your data

7.2 Communication Preferences

• Opt out of non-essential email notifications
• Choose your preferred communication frequency
• Manage sharing notification settings

8. Cookies and Tracking

8.1 Essential Cookies

We use essential cookies for authentication, security, and core functionality. These cannot be disabled without affecting service operation.

8.2 Analytics

We may use privacy-focused analytics to understand service usage and improve performance. No personal information is shared with analytics providers.

8.3 No Advertising Tracking

We do not use advertising cookies or share data with advertising networks.

9. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place, including:

• Adequate data protection standards
• Contractual protections with service providers
• Compliance with applicable data protection laws

10. Children's Privacy

UBXen is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Sending an email notification to your registered address
• Posting a notice on our website
• Updating the "Last Updated" date at the top of this policy

12. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

• Notify you within 72 hours of discovery
• Provide details about what information was affected
• Explain steps we're taking to address the breach
• Offer guidance on protective measures you can take