Privacy Policy
Last updated: April 2026
Our Commitment to Privacy
2FA.tools is designed with privacy as its core principle. We believe that your authentication secrets should remain completely under your control — never transmitted, never stored on any server, and never shared with any third party.
Data Collection
We do not collect any personal data. Specifically:
- No cookies are used
- No analytics or tracking scripts are loaded
- No user accounts or registration is required
- No data is sent to any server
- No advertising networks are integrated
How TOTP Keys Are Handled
When you enter a TOTP secret key on 2FA.tools:
- The key is processed entirely in your browser using the Web Crypto API
- The key is never transmitted over the network
- The key is never stored in any persistent storage (localStorage, cookies, or databases)
- Once you close or refresh the page, all entered keys are permanently discarded
Third-Party Services
2FA.tools loads the following external resources for UI purposes only:
- Google Fonts — for typography (Inter, JetBrains Mono)
- Font Awesome — for icons (loaded via CDN)
These services may collect anonymized usage data according to their own privacy policies. No data specific to your TOTP secrets is shared with these services.
PWA & Offline Usage
2FA.tools can be installed as a Progressive Web App (PWA). When installed, it caches only the application code for offline access. No user data is cached or stored locally by the service worker.
Transparency
2FA.tools is provided by wRock.org. All operations happen client-side in your browser, ensuring complete transparency and privacy.
Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be reflected on this page with an updated "Last updated" date.
Contact
If you have any questions about this Privacy Policy, please contact us via wRock.org.