Privacy Policy
Last updated: January 29, 2026
Overview
No BS Auth Codes ("the Extension") is a Chrome browser extension that helps you manage your two-factor authentication (2FA) TOTP codes. We are committed to protecting your privacy and being transparent about our data practices.
Data We Store
The Extension stores the following data:
- TOTP Secrets: Your 2FA secret keys are stored locally in Chrome's storage and optionally synced to Google Firebase Firestore if you sign in with Google.
- Preferences: Your settings (encryption toggle, popup size) are stored locally.
- License Key: If you purchase Pro/Supporter tier, your license key is stored in Chrome sync storage.
Data We Collect
If you choose to sign in with Google:
- Email address: Used to identify your account for cloud sync.
- Firebase UID: A unique identifier for storing your encrypted vault in Firestore.
We do NOT collect:
- Browsing history
- Personal information beyond email
- Usage analytics or tracking data
- Your actual TOTP codes (we only store encrypted secrets)
Data Sharing
We do NOT sell, trade, or share your data with third parties. Your vault data is only accessible to you through your Google account.
Data Security
- Optional master password encryption (AES-GCM) for your vault
- Cloud data stored in Google Firebase with security rules restricting access to your UID only
- All authentication handled through Google's secure OAuth flow
Third-Party Services
Your Rights
You can:
- Use the Extension without signing in (local storage only)
- Delete your cloud data by signing out
- Export your data using the Recovery Tools in Settings
- Uninstall the Extension at any time to remove all local data
Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date.
Contact
For questions about this Privacy Policy, contact us at: instanthpi@gmail.com