TinyOTPTinyOTP

Privacy Policy

Last updated: February 11, 2026

This Privacy Policy describes how TinyOTP handles your information. The short version: we collect nothing. Your data never leaves your browser.

Our Privacy Commitment

TinyOTP operates with a strict zero-data-collection policy. We do NOT collect, store, or transmit your browsing history, OTP secrets, master password, IP address, or any personal information whatsoever.

How TinyOTP Works

When you use TinyOTP:

  • Your OTP secrets are stored exclusively in chrome.storage.local within your browser
  • TOTP codes are generated locally using the standard HMAC-SHA1 algorithm
  • If you enable a master password, secrets are encrypted with AES before storage
  • No data is ever sent to any remote server

Information We Collect

TinyOTP collects absolutely no personal data, usage analytics, or telemetry. The extension does not include any third-party analytics, tracking scripts, or data collection mechanisms.

The only data that exists is what you manually enter (account names, secret keys), and it is stored locally in your browser only.

Data Storage

All data is stored locally using the Chrome Extension Storage API:

  • OTP account information (names, issuers, secret keys)
  • Encrypted master password hash (if password protection is enabled)
  • Extension preferences

This data never leaves your device. When you uninstall the extension, all locally stored data is automatically deleted by the browser.

Third-Party Services

TinyOTP does not integrate with, connect to, or share data with any third-party services. There are no external API calls, no analytics platforms, and no advertising networks.

Data Retention

Since we do not collect any data, there is no data to retain. Your locally stored secrets exist only on your device and are removed when you uninstall the extension or clear your browser data.

Children's Privacy

TinyOTP does not knowingly collect information from anyone under the age of 13. The extension does not collect any personal information from any user regardless of age.

Your Rights

Since we do not collect personal data, there is no user data to access, modify, or delete. You have the right to:

  • Use TinyOTP without providing any personal information
  • Uninstall the extension at any time, which removes all local data
  • Clear your local settings through your browser
  • Contact us with privacy-related questions

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Contact Us

If you have any questions about this Privacy Policy, please contact us at: privacy@tinyotp.com

TinyOTP is committed to your privacy. Your authentication secrets never leave your device, and we have zero ability to access your data.