Privacy Policy

Last updated: March 17, 2026

Authra is a browser extension designed to help users manage and use time-based one-time passwords (TOTP) for two-factor authentication.

1. What data Authra processes

Authra may process the following data only as needed to provide its core functionality:

• TOTP account labels and locally stored settings.
• TOTP secrets provided by the user.
• QR code images provided by the user for importing an authenticator account.

2. How data is used

Authra uses this data only to provide the extension’s user-facing authentication features, including:

• importing authenticator accounts,
• decoding QR codes,
• generating TOTP codes,
• displaying and refreshing authentication codes in the extension interface.

3. QR image decoding

When the user chooses to import an account from a QR code, the QR image may be transmitted to Authra’s server for decoding. The purpose of this transmission is only to extract the TOTP provisioning data contained in the QR code.

Authra does not store the uploaded QR image after decoding is completed. Authra also does not store the decoded QR image itself as a file. If the TOTP secret is successfully extracted, it may be stored locally in the browser only if required to create the authenticator entry selected by the user.

4. Data storage

Authra stores authenticator data and extension settings locally in the browser using the browser storage API, only as required for the extension to function.

QR code images sent for decoding are processed transiently and are not retained after processing, unless retention is required for short-term technical debugging or security protection.

5. Data sharing

Authra does not sell user data and does not share user data with advertisers or data brokers.

Data may be transmitted only to the server infrastructure used by Authra to decode QR images when the user explicitly uses the QR import feature. This processing is limited to providing the extension’s single purpose functionality.

6. Browsing activity

Authra is not intended to collect browsing history for advertising or profiling purposes. Any page access used by the extension is limited to delivering the extension’s user-facing authentication functionality.

7. Permissions

• storage — used to save local authenticator data and settings.
• alarms — used to keep authentication code refresh timing synchronized.
• host permissions — if requested, used only to support user-facing authentication features on relevant pages.

8. Security

Authra is designed to limit data use to its core authentication purpose. The extension does not use collected data for advertising, profiling, or unrelated analytics.

9. Third-party services

If Authra uses server or hosting providers to process QR decoding requests, those providers act only as infrastructure services necessary to operate the extension feature requested by the user.

10. Contact

If you have any questions about this Privacy Policy, contact the developer at:
kaunazauna@gmail.com