Privacy Policy

This Privacy Policy explains how ShareOTP collects, uses, and shares information when you use our web-based platform for securely sharing and governing time-based one-time password (TOTP) access within teams.

Account and organization details: email address, name, role, organization name, and authentication details required to create and manage your workspace.

TOTP workspace data: account names, issuers, tags, encrypted TOTP secrets, and permissions needed to generate codes and control access.

Audit and usage data: records of access, changes, invitations, and administrative actions (including timestamps), along with IP address and user agent for security and compliance.

Communications: support requests and email correspondence, including verification and invitation emails we send to you.

Cookies and similar technologies: required cookies for authentication and security (for example, CSRF protection).

Provide and secure the service, including generating TOTP codes, enforcing permissions, and keeping your workspace operational.

Authenticate users, prevent fraud, and investigate suspicious activity.

Send essential service communications such as verification, invitations, and operational notices.

Maintain audit trails, analytics for service reliability, and plan-based audit retention.

Respond to support requests and improve the product experience.

Within your organization: administrators and authorized members can view relevant workspace and user details based on their permissions.

Service providers: we use trusted vendors to host the service, deliver email, and process payments. These providers are limited to performing services on our behalf.

Legal and safety: we may disclose information if required by law or to protect ShareOTP, our users, or the public.

We do not sell personal information.

ShareOTP encrypts TOTP secrets at rest and in transit, applies role-based permissions, and logs access events for auditability.

No security program is perfect. You are responsible for safeguarding your credentials and configuring access appropriately.

We keep account and workspace data for as long as your organization maintains an active account or as needed to provide the service.

Audit logs are retained based on your plan and may be automatically deleted after the retention period expires.

If you close your account, we will delete or de-identify data in accordance with our retention practices and legal obligations.

You can update profile details, manage team members, and revoke access within the ShareOTP app based on your role.

If you need help deleting user or organization data, contact [email protected].

ShareOTP may process data in the United States and other countries where we or our service providers operate. We take steps to protect data regardless of where it is processed.

ShareOTP is not directed to children under 13, and we do not knowingly collect personal information from children.

We may update this Privacy Policy from time to time. If changes are material, we will provide notice within the product or by email.

Questions about this Privacy Policy can be sent to [email protected].