Privacy Policy

Effective Date: March 2, 2026

Last Updated: March 2, 2026

This Privacy Policy explains how QuickAuth ("we", "us", or "our") handles information when you use the QuickAuth Chrome extension ("Extension"). QuickAuth is designed to help users retrieve authentication codes (OTPs) from Gmail with minimal data exposure.

1. Data We Access

Gmail read-only data for connected accounts, limited to what is necessary to find recent authentication codes.
Basic account identifiers (such as connected Gmail address) for account management.
Current-tab context (such as page URL/hostname) when the user explicitly triggers the right-click QuickAuth action.

2. How We Use Data

To identify likely authentication-code emails in recent Gmail messages.
To display candidate codes in an in-page overlay for user copy action.
To support multi-account connection, default account selection, and reconnect state.

3. Storage and Retention

QuickAuth stores account connection metadata and tokens in local extension storage (chrome.storage.local) on the user's device/profile.
QuickAuth does not operate a backend database for user email content.
Users can remove connected accounts at any time from the QuickAuth Accounts page, which removes local account records.

4. Data Sharing

We do not sell personal data.
We do not share Gmail content with advertising networks.
We do not send email content to third-party AI/LLM services.
Data is exchanged with Google APIs only as required for extension functionality.

5. Permissions and Scope

OAuth scope used: https://www.googleapis.com/auth/gmail.readonly.
Host/API access is limited to Google endpoints needed for Gmail/OAuth operations.
User-triggered actions are required to fetch and display OTP candidates.

6. Security Practices

Least-privilege permission model focused on read-only Gmail access.
No remote-code execution model for core extension logic.
Account reconnect/removal controls exposed directly in the extension settings UI.

7. User Controls

Add, set default, reconnect, or remove Gmail accounts within QuickAuth Accounts.
Disable or uninstall the extension at any time through Chrome.
Revoke Google account access independently from your Google account security settings.

8. Children's Privacy

QuickAuth is not directed to children under 13 (or applicable minimum age in your jurisdiction), and we do not knowingly collect data from children.

9. International Use

The Extension may be used globally. By using QuickAuth, you acknowledge that data handling occurs as described in this policy and through Google services selected by the user.

10. Policy Updates

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last Updated" date above.

11. Contact

For privacy questions or requests, contact: [email protected]

Replace the contact email with your official support/legal contact before public launch.