Privacy Policy

Introduction

Welcome to MFA • 2FA Authenticator: Authy, provided by Hyperlink InfoSystem INC, registered in New York, US (“we,” “us,” or “our”). This Privacy Policy describes how we collect, use, share, and protect your personal data when you use our services and use the MFA • 2FA Authenticator: Authy app (“Application”, “Platform”), or engaging with our sales, marketing, or event offerings. It also explains your privacy rights and choices.

If you do not agree with this policy, please do not use our Services.

This Privacy Policy applies solely to the data we collect directly through our services. It does not cover data collected or stored by third-party websites and applications accessed via our platform. For region-specific privacy considerations, additional provisions are available for users in California and the European Economic Area (EEA).

Data We Collect

We collect data voluntarily provided during interactions with the Services, including when contacting support, opting into communications, or engaging in donations or other payments where applicable.

• Contact details: Email address (if provided for support, notifications, or inquiries).
• Communication content: Messages or support requests sent to us.

Automatically Collected Information

We collect certain information automatically to operate, secure, and improve the Services:

• Device information: Brand, model, OS version, unique device identifiers, storage state.
• Identifiers and analytics: Device/app ID, usage/activity data, session events, and error or system logs.
• Cookies and similar technologies: Used on the website and applicable interfaces for functionality, analytics, and security.

Purpose of Data Collection

The information we collect is used to:

• Facilitate the functionality of our services, such as generating authentication tokens.
• Enhance user experience and address technical issues.
• Comply with legal obligations and safeguard against fraud or security breaches.

Processing of the Information

We process personal information for the following purposes:

• App functionality: To facilitate core authentication features, including generation of TOTP/HOTP tokens and related operations.
• Account or preference management: To manage any settings, communications, or user choices where applicable.
• Service delivery and support: To respond to inquiries, provide troubleshooting, and address technical issues.
• Security and fraud prevention: To detect, prevent, and investigate security threats or abuse.
• Legal compliance: To meet legal obligations and enforce terms.
• Communications: To send administrative notices, policy updates, and service-related information where contact information is provided.

Processing of the Information

We process personal information for the following purposes:

• App functionality: To facilitate core authentication features, including generation of TOTP/HOTP tokens and related operations.
• Account or preference management: To manage any settings, communications, or user choices where applicable.
• Service delivery and support: To respond to inquiries, provide troubleshooting, and address technical issues.
• Security and fraud prevention: To detect, prevent, and investigate security threats or abuse.
• Legal compliance: To meet legal obligations and enforce terms.
• Communications: To send administrative notices, policy updates, and service-related information where contact information is provided.

Purpose and Legal Basis for Processing

• Performance of contract: Providing the Services, managing purchases/donations, and supporting requested features.
• Legitimate interests: Ensuring security, improving the Services, analytics, and operating the platform.
• Legal obligations: Maintaining records as required by tax, accounting, and applicable laws.
• Consent: Where required for optional cookies/analytics or region-specific rights. Consent can be withdrawn at any time as described below.

Sharing of Personal Information

We do not sell, trade, or transfer personal information to unrelated third parties for their marketing or advertising.
Our website and applications may contain links to external websites. We are not responsible for the privacy practices of these third parties and recommend reviewing their policies independently.

We may share personal information with:

• Service providers: Trusted vendors who support essential functions, such as email communication, push notifications, payment processing for donors, analytics (e.g., Google Analytics on the website), security, hosting, and fraud prevention. These providers are bound by confidentiality and data protection obligations.
• Corporate events: In connection with mergers, acquisitions, or asset transfers, subject to this Policy’s protections.
• Legal obligations: Maintaining records as required by tax, accounting, and applicable laws.
• Legal compliance and safety: Where required to comply with law, enforce terms, or protect rights, property, safety, or security.

International Data Transfers and Storage

• Personal data may be processed and stored on Amazon Web Services (AWS) in the United States, with industry‑standard encryption in transit and at rest.
• EEA/UK transfers: Where data is transferred outside the EEA/UK, appropriate safeguards such as Standard Contractual Clauses or adequacy decisions are implemented.
• Updates: If storage locations materially change, this Policy will be updated accordingly.

Cookies and Analytics

• Cookies are used to operate the website, improve user experience, analyze traffic, and enhance security.
• Browser controls allow cookies to be disabled; some features may not function as intended if cookies are blocked.
• Google Analytics may be used to understand service usage patterns on the website or related pages. Users can opt out via Google’s tools. Additional information about Google’s processing is available in Google’s publicly available materials.

Data Retention

• Retention is limited to the duration necessary for the purposes described in this Policy.
• For accounts, data is retained while the account remains active and the Services are used.
• Upon a verified deletion request or account closure, associated personal data will be deleted within seven (7) days, subject to retention required by legal obligations (e.g., payments and invoices retained for regulatory periods).

In-App Purchases

Payments are processed by third-party providers; payment credentials entered with those providers are not accessed by us. By making an in-app purchase through our App, you acknowledge and agree that all sales are final. We do not offer refunds or cancellations after purchase, except as required by applicable consumer protection laws.
All subscription plans and pricing are presented clearly within the App prior to purchase. Please review the plan details carefully before confirming your purchase. For any concerns or support related to your purchase, you may contact us at legal@hyperlinkinfosystem, but please note that refunds will only be issued if mandated by law.

Before you complete a purchase, we clearly display price, recurring periods, billing intervals.

Your Rights

Depending on jurisdiction, the following rights may apply:

• Access, rectification, and erasure: Request copies, corrections, or deletion of personal information.
• Restriction and objection: Request processing restrictions or object to certain processing, including where based on legitimate interests.
• Data portability: Request portable copies in a machine‑readable format where applicable.
• Consent withdrawal: Where processing is based on consent (e.g., certain cookies/analytics), consent may be withdrawn at any time via settings or by contacting us; this does not affect the lawfulness of prior processing.
• Marketing opt‑out: Unsubscribe from marketing communications at any time. Service and transactional messages may still be sent.

GDPR‑Specific Disclosures (EEA/UK)

• Controller: We the entity managing the Services acts as the controller for personal data processed as described.
• Lawful bases: Performance of contract, legitimate interests, legal obligations, and consent (as detailed above).
• EEA/UK transfers: Adequacy decisions or Standard Contractual Clauses apply for transfers to non‑EEA/UK countries, including the United States.
• Rights and timelines: Access, rectification, erasure, restriction, objection, and portability requests will be addressed within thirty (30) calendar days. A nominal fee may be charged where permitted by law for excessive or manifestly unfounded requests.
• Complaints: Individuals may lodge a complaint with a competent supervisory authority in the EEA/UK in addition to contacting us.

California “Shine the Light”
California residents may request information about disclosures of certain categories of personal information to third parties for their direct marketing, if any, once per year free of charge.

Children’s Privacy

The Services are not intended for individuals under the age of 16. If it is learned that data has been collected from someone under 16, access will be terminated and data will be deleted.

Changes to this Policy

This Policy may be updated from time to time. The “Last Updated” date will reflect changes. For material changes, reasonable efforts will be made to notify via in‑app notice or email if available. Continued use of the Services after changes indicates acceptance.

Contact Us

For questions or concerns related to this Privacy Policy, please contact us via email at 2fa.hyperlinkinfosystem@gmail.com CC: legal@hyperlinkinfosystem.com with the subject line “Privacy Policy of MFA • 2FA Authenticator: Authy.”