Privacy Policy
This Privacy Policy describes how Toqen.app processes data in connection with authentication, access management, and application security.
TL;DR
- Toqen processes only the data required to provide secure authentication and access.
- Sensitive data is stored locally on the device using secure storage.
- Authentication is based on device verification and cryptographic signatures.
- Temporary data is automatically deleted after expiration.
- Users remain in control of their data and access.
Data Collection
Toqen.app does not collect personal data for tracking or advertising purposes. The application processes only the minimal data required to provide authentication, access functionality, and security.
Tracking
Toqen.app does not track users across apps or websites and does not use data for advertising or profiling purposes.
Data Processed
Toqen.app processes limited technical and authentication-related data required to provide access functionality and maintain security.
- Device-related data such as device identifiers and public keys generated during device registration.
- Authentication data including temporary challenges, request identifiers, and cryptographic signatures used for access verification.
- Technical metadata such as IP address, timestamps, and basic device or application information processed solely for security, fraud prevention, and service integrity.
- Optional data provided by the user for recovery or support purposes, where such features are used.
Local Data Storage
Sensitive data is stored locally on the user’s device using secure storage mechanisms provided by the operating system.
- Device private keys used to sign authentication challenges.
- Encrypted vault data containing access-related information.
- TOTP secrets where applicable.
This data remains on the device and is not transmitted to Toqen servers.
Purpose of Processing
- Providing authentication and access confirmation.
- Verifying device identity through cryptographic signatures.
- Ensuring system security and preventing unauthorized access.
- Maintaining service stability and detecting abuse.
- Supporting optional recovery and support functionality.
Legal Basis
Processing is carried out in accordance with applicable data protection laws.
- Performance of a contract where processing is necessary to provide authentication and access services.
- Legitimate interests in ensuring security, preventing abuse, and maintaining system integrity.
- Consent where optional features involve user-provided data.
Data Sharing
Toqen.app does not sell personal data.
- Authentication-related data may be shared with the requesting service to complete access verification.
- Technical data may be processed by infrastructure providers strictly for hosting, security, and service operation purposes under applicable data protection agreements.
- Data sharing is limited to what is required for the functionality of the service.
Data Retention
- Temporary authentication data is automatically deleted after expiration.
- Security logs are retained only as long as necessary for operational and security purposes.
- Data stored locally on the device remains until removed by the user.
Security Measures
- Use of cryptographic signatures for authentication.
- Secure storage of sensitive data on the device.
- Encrypted communication between the application and backend services.
- Access confirmation requiring explicit user interaction.
Third-Party Services
Services integrating Toqen act independently and are responsible for their own data processing practices and compliance obligations.
User Rights
- Right to access personal data.
- Right to request correction or deletion.
- Right to restrict or object to processing where applicable.
- Right to data portability where applicable.
Users may exercise their rights by contacting hi@toqen.app. Requests will be processed in accordance with applicable laws.
Data Deletion
Users may request deletion of any server-side data by contacting hi@toqen.app. Requests will be processed in accordance with applicable laws and technical feasibility.
Children’s Privacy
The service is not intended for children. Toqen.app does not knowingly collect personal data from children.
International Data Transfers
Data may be processed in different jurisdictions depending on infrastructure providers. Such processing is carried out in accordance with applicable data protection laws.
Changes to this Policy
This Privacy Policy may be updated to reflect changes in the service or legal requirements. The updated version will include a revised date.
Data Controller and Contact
| Data Controller | Anton Minin Baranovskii |
| Location | Argentina |
| Email | hi@toqen.app |
| Service | Toqen.app |