Privacy Policy

Effective Date: [04 March 2026] Developer: NineBit Computing Pvt. Ltd.

BeyondOTP is committed to protecting your privacy and ensuring the security of your data. This Privacy Policy explains how we collect, use, share, and retain information when you use the BeyondOTP app.

1. Data Collection

BeyondOTP collects the following information to operate the app and provide secure authentication workflows:

  • Account Information: Email or username used to create your BeyondOTP account.
  • Device Information: Device type, operating system, app version.
  • Workflow Data: Information generated as part of authentication workflows initiated by users.
  • Location Data: Collected only to offer app functionality (e.g., location-based workflow services).

2. How Data Is Used

Data is used solely for the following purposes:

  • Workflow Processing: Ensures authentication and workflow steps function correctly.
  • System-Generated Reports: Reports based on workflows initiated by users, which may be shared by the respective user via dashboard widgets in the app.
  • Analytics & System Improvement: Aggregate or anonymized data is used to improve app performance and security.

No hidden analytics or tracking occurs, and BeyondOTP does not sell individual user data.

3. Data Sharing

BeyondOTP does not share or sell individual user data with third parties. The only exceptions are trusted service providers like Firebase, used strictly to support app functionality, crash reporting, analytics, and notifications.

4. Data Retention

  • Individual workflow reports and account data are retained for 30 days.
  • After 30 days, only anonymized data remains in the system for analytics and system improvement.
  • Logs or other temporary system data necessary for security or fraud prevention may also be retained in anonymized form for up to 30 days.

5. Account Deletion

Users can request deletion of their account and associated personal data directly within the BeyondOTP app:

  1. Open the BeyondOTP app
  2. Go to Support
  3. Select “Delete Account”
  4. Submit the request

Your request is automatically forwarded to our support team along with your account identifier. Once verified, we permanently delete:

  • Your account profile information
  • Authentication data
  • Stored preferences and workflow identifiers

Account deletion may not be instantaneous if active workflows are ongoing. Deletion is completed once active workflows are safely terminated and anonymized logs are captured. This ensures system integrity and secure removal of your data.

Learn more: https://beyondotp.com/account-deletion

6. Security

BeyondOTP implements industry-standard security practices, including:

  • MASVS-L2 Alignment: Our app is designed and tested following the OWASP Mobile Application Security Verification Standard (MASVS-L2). This includes secure authentication, encrypted local storage, network security (TLS + certificate pinning), workflow integrity, and platform hardening.
  • QA Testing: Regular static, dynamic, and manual QA testing ensures workflows, OTP handling, and sensitive data remain secure.
  • Secure Communication: All network communications use HTTPS with proper certificate validation.

7. Consent & User Rights

  • By using BeyondOTP, you consent to this Privacy Policy and the collection, use, and retention of your data as described.
  • You have the right to request account deletion via the in-app process.
  • BeyondOTP respects your privacy and does not sell or share personal data for marketing purposes.

8. Contact Us

If you have questions, concerns, or requests regarding your data:

Email: support@ninebit.in Web: https://beyondotp.com/contact

Summary

  • BeyondOTP protects your data using strong, MASVS-L2-aligned security measures
  • Data is collected only for app functionality, workflow reporting, and analytics
  • Individual data is never sold, shared for marketing, or tracked secretly
  • Account deletion is handled securely via the app