01 What we collect
Nothing. Auther does not collect, transmit, or store any personal information on our side. We operate no backend server, so there is no place for your data to be sent even if we wanted it.
Everything you save — logins, passwords, two-factor (TOTP) secrets, passkeys, payment cards, and notes — is created and kept on your device. We never see it.
02 No account, no login
Auther has no sign-up, no email registration, and no user accounts. You unlock the app with a master password you choose, protected by Face ID or Touch ID on your device.
Your master password is never stored and never leaves your device. It is used locally to derive the key that encrypts your vault. Because we never receive it, we cannot reset it and we cannot read your vault.
03 Where your data lives
Your encrypted vault is stored in two places, both under your control:
- On your devices — encrypted at rest using the key derived from your master password.
- In your own iCloud — if you enable sync, your vault syncs across your Apple devices through iCloud (CloudKit) with end-to-end encryption. It travels and rests encrypted; Apple cannot read it and neither can we.
iCloud sync is optional. If you turn it off, your data never leaves the device it was created on.
04 Breach checking
Auther can check whether your passwords have appeared in known data breaches using the "Have I Been Pwned" service. This check uses k-anonymity: only the first five characters of a password's hash are ever sent, and the full password — or anything derived from it that could identify you — is never transmitted.
Breach checking is optional and runs only when you ask for it.
05 Analytics & tracking
Auther contains no analytics SDKs, no crash-tracking that identifies you, no advertising, and no third-party trackers. We do not build a profile of you, because we have no way to receive data about you in the first place.
06 Third parties
The only third parties involved are the platforms you already use:
- Apple — provides iCloud sync (end-to-end encrypted) and processes subscription payments through the App Store. Apple's handling of your data is governed by Apple's own privacy policy.
- Have I Been Pwned — receives only a partial, anonymized password hash when you run a breach check, as described above.
We do not sell, rent, or share your data with anyone. There is nothing to sell.
07 Children
Auther is not directed at children under 13. Because we collect no personal information from anyone, we do not knowingly collect information from children.
08 Changes to this policy
If we change this policy, we will update the date at the top of this page and, where appropriate, note the change in the app. Continued use of Auther after an update means you accept the revised policy.
09 Contact
Questions about privacy? Email hi@dwirandyh.dev and we'll get back to you.