Privacy Policy

Effective Date: March 2, 2026

Last Updated: March 2, 2026

This Privacy Policy explains how QuickAuth ("we", "us", or "our") handles information when you use the QuickAuth Chrome extension ("Extension"). QuickAuth is designed to help users retrieve authentication codes (OTPs) from Gmail with minimal data exposure.

Why Gmail login is required: QuickAuth must authenticate with your Gmail account so it can read your most recent emails and identify OTP/authentication codes for the site you are currently logging into.

1. Data We Access

Gmail read-only data for connected accounts, limited to what is necessary to find recent authentication codes.
Basic account identifiers (such as connected Gmail address) for account management.
Current-tab context (such as page URL/hostname) when the user explicitly triggers the right-click QuickAuth action.

2. How We Use Data

To identify likely authentication-code emails in recent Gmail messages.
To display candidate codes in an in-page overlay for user copy action.
To support multi-account connection, default account selection, and reconnect state.
Specifically, Gmail access is used to query recent emails so QuickAuth can detect the latest OTP code when you trigger the extension.

3. Storage and Retention

QuickAuth stores account connection metadata and tokens in local extension storage (chrome.storage.local) on the user's device/profile.
QuickAuth does not store your emails, OTP contents, or your connected email account data on QuickAuth servers.
QuickAuth does not operate a backend service for storing user email content, account records, or OTP history.
Users can remove connected accounts at any time from the QuickAuth Accounts page, which removes local account records.

4. Data Sharing

We do not sell personal data.
We do not share Gmail content with advertising networks.
We do not send email content to third-party AI/LLM services.
Data is exchanged with Google APIs only as required for extension functionality.
No QuickAuth-owned server receives or stores your email data.

5. Permissions and Scope

OAuth scope used: https://www.googleapis.com/auth/gmail.readonly.
Host/API access is limited to Google endpoints needed for Gmail/OAuth operations.
User-triggered actions are required to fetch and display OTP candidates.

6. Security Practices

Least-privilege permission model focused on read-only Gmail access.
No remote-code execution model for core extension logic.
Account reconnect/removal controls exposed directly in the extension settings UI.
Email parsing and OTP extraction are performed locally within your browser context.

7. Local-Only Processing Commitment

QuickAuth is designed as a local-first extension. Aside from required requests to Google for OAuth and Gmail API reads initiated by you, QuickAuth does not transmit your email content to QuickAuth servers because we do not run a backend for this feature. Fetched emails stay on your system within browser/extension processing.

8. User Controls

Add, set default, reconnect, or remove Gmail accounts within QuickAuth Accounts.
Disable or uninstall the extension at any time through Chrome.
Revoke Google account access independently from your Google account security settings.

9. Children's Privacy

QuickAuth is not directed to children under 13 (or applicable minimum age in your jurisdiction), and we do not knowingly collect data from children.

10. International Use

The Extension may be used globally. By using QuickAuth, you acknowledge that data handling occurs as described in this policy and through Google services selected by the user.

11. Policy Updates

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last Updated" date above.

12. Contact

For privacy questions or requests, contact: [email protected]

Replace the contact email with your official support/legal contact before public launch.