Privacy Policy

Last updated: July 7, 2026

AuthPeak is a Chrome extension that manages your two-factor authentication (TOTP) codes entirely on your own device. Our privacy model is simple: everything stays on your device, and nothing is ever sent anywhere.

AuthPeak collects no personal data and transmits nothing. There are no servers and no network requests. The developer has no access to your vault or your codes.

What we collect

Nothing. AuthPeak has no user accounts, no analytics, no telemetry, and no crash reporting. We do not collect, receive, or have any way to access your data.

What leaves your device

Nothing. AuthPeak makes no network requests and works fully offline. There is no cloud sync and no backend. Everything — including decoding imported QR codes — runs locally on your machine. The QR-decoder component (WebAssembly) is bundled inside the extension and is never fetched from the internet.

What is stored, and how

Your two-factor secrets are stored only on your device, in the browser’s local storage, encrypted with AES-GCM. The encryption key is protected by envelope encryption and unlocked with your Touch ID credential (WebAuthn PRF), your passphrase, or a one-time recovery code. Secrets are never written in plaintext. Your non-secret settings (such as the auto-lock timeout) are also stored locally; they contain no personal data.

No tracking, no sharing, no ads

AuthPeak contains no analytics or tracking of any kind, shares no data with third parties, and shows no advertising. We do not sell or rent data, because we never receive any.

Permissions

AuthPeak requests only the minimum Chrome permissions needed to work on your device, and no host permissions:

None of these permissions send data off your device.

Data deletion

You are always in control of your data. Using the in-app Reset removes your stored vault, and uninstalling the extension removes all of AuthPeak’s stored data from your browser. Because nothing was ever uploaded, nothing persists anywhere else after removal.

Children’s privacy

AuthPeak is a general-purpose utility and is not directed at children. Since it collects no data at all, it collects no data from anyone, including children.

Changes to this policy

If this policy ever changes, the updated version will be published at this URL with a new “last updated” date.

Contact

Questions about privacy? Email support@peakuse.com.