WristGuardian Privacy Policy

Last Updated: December 31, 2024

Overview

WristGuardian is a two-factor authentication (2FA) app that generates time-based one-time passwords (TOTP) on your Android phone and Wear OS watch. Your privacy and security are our top priorities.

Data Collection

WristGuardian does NOT collect, transmit, or store any personal data on external servers.

What We Store Locally

• Authentication Secrets: The TOTP secrets from your scanned QR codes are stored exclusively on your device using Android's encrypted storage (EncryptedSharedPreferences backed by Android Keystore).
• Account Labels: The issuer names and account labels (e.g., "Google - user@email.com") are stored locally to help you identify your accounts.

What We Do NOT Collect

• No analytics or usage data
• No personal information
• No location data
• No advertising identifiers
• No data transmitted to external servers

Data Storage & Security

• All authentication secrets are encrypted using Android Keystore
• Data is stored only on your device and paired watch
• No cloud backup or sync to external servers
• Secrets never leave your devices

Watch Synchronization

When you sync accounts to your Wear OS watch:

• Data transfers directly between your phone and watch via Google's Wearable Data Layer API
• This is a direct, encrypted connection between your paired devices
• No data passes through our servers (we have none)

Camera Permission

The app requests camera permission solely to scan QR codes for adding new accounts. Camera data is processed locally and is never stored or transmitted.

Backup & Export

If you use the backup feature:

• Backups are encrypted with a password you choose
• Backup files are stored only where you save them
• We cannot access or recover your backups

Third-Party Services

WristGuardian uses:

• Google ML Kit (on-device): For QR code scanning. Processing happens entirely on your device.
• Google Wearable Data Layer: For phone-to-watch communication between your own paired devices.

No third-party analytics, advertising, or tracking services are used.

Data Deletion

Uninstalling WristGuardian removes all locally stored data. To remove data from your watch, uninstall the watch app separately.

Children's Privacy

WristGuardian does not knowingly collect data from children under 13.

Changes to This Policy

We may update this policy occasionally. Changes will be reflected in the "Last Updated" date.

Contact

For questions about this privacy policy, contact: Kirk@techspot.app

---

Summary: Your secrets stay on your devices. We don't have servers. We can't see your data. That's the point.