I. General
(1) In the following, we inform you about the collection of personal data when using our website.
(2) The term "personal data" means, with reference to the definition of Article 4 No. 1 of Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR), all data that can be personally related to you. This includes, for example, name, address, email address, and user behavior.
(3) We process personal data only to the extent necessary to provide a functional website and the content and services offered by us. Personal data is regularly processed only if you have given us your consent within the meaning of Art. 6 (1) (a) GDPR or if the processing is permitted by statutory provisions, in particular by one of the legal bases mentioned in Art. 6 (1) (b) to (f) GDPR.
(4) Your personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. In addition, storage may take place if this has been provided for by national or European regulations to which we are subject. In this case, the data will be blocked or deleted when the storage period prescribed by the respective regulations has expired. The latter does not apply if further storage of the data is necessary for the conclusion or fulfillment of a contract.
(5) If we use commissioned service providers for individual functions of our website or use your data for communication purposes, we will inform you in detail about the respective processes below.
II. Responsible party
(1) The responsible party within the meaning of Art. 4 No. 7 GDPR and other applicable data protection regulations is:
AuthWire GmbH
Managing Director: Marc Riemer
Luener Rennbahn 9
21339 Lueneburg
Germany
Phone: +49 4131 9276650
Email: office@authwire.com
Register court: Amtsgericht Lueneburg
Register number: HRB 211579
(2) For further details on the responsible body, please refer to our imprint.
III. Your rights
(1) You have the following rights in relation to personal data concerning you:
- The right of access
- The right to rectification and erasure
- The right to restriction of processing
- The right to object to processing
- The right to data portability
(2) Additionally, you have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.
IV. Processing of personal data during informational use of our website
(1) When you access our website without registering or otherwise providing us with information ("Informational Use"), we do not collect personal data beyond technically required connection data.
(2) The collection and temporary storage of the IP address is necessary to enable the delivery of our website to your terminal device. For this purpose, your IP address must be stored for the duration of your visit to our website.
V. Other functions and offers of our website
(1) In addition to the aforementioned informational use of our website, we offer services that you can use if you are interested. This usually requires the provision of further personal data. We need this data to provide the respective service. The aforementioned data processing principles apply.
(2) In some cases, we use external service providers to process this data. These service providers are carefully selected and commissioned by us, are bound by our instructions, and are regularly monitored. Insofar as personal data is passed on to third parties in the course of services we offer jointly with partners, more detailed information can be found in the descriptions of the individual services. If these third parties are based in a country outside the European Economic Area, more detailed information about the consequences of this circumstance can also be found there.
VI. Contacting us
(1) If you contact us by email, the personal data you send with your email will be stored.
(2) We also maintain a contact form on our website. The data entered in the input fields is transmitted to us and stored. This may include first name, last name, email address, and phone number.
(3) The data is used exclusively to answer your inquiry. Unless explicitly stated in this privacy policy, the data is not shared with third parties. In addition, we record your IP address and the time of transmission.
(4) The processing of the above personal data is solely for the purpose of handling your inquiry.
(5) The processing of further personal data generated through the use of the contact form serves to prevent misuse and to ensure the security of our information technology systems.
(6) This is also our legitimate interest in processing your personal data. Insofar as you have given consent, the legal basis is Art. 6 (1) (a) GDPR. Otherwise, the legal basis is Art. 6 (1) (f) GDPR, in particular when data is transmitted by sending us an email. Insofar as your request aims at the conclusion of a contract, Art. 6 (1) (b) GDPR constitutes an additional legal basis.
(7) Subject to statutory retention periods, the data will be deleted as soon as we have conclusively processed your request. When contacting us by email, you may object to the storage of your personal data at any time. In this case, your request cannot be processed further. You can declare revocation or objection by sending an email to the address stated in the imprint.
(8) We process and/or store personal data on servers of external providers in the European Union. This ensures adherence to European data protection standards and regulations.
VII. iOS App Privacy Information
The AuthWire iOS app does not process or store personal data.
(1) The app does not require user registration or an in-app login. It operates without collecting user names, email addresses, IP addresses, or other identifying data.
(2) Camera access is used exclusively for scanning QR codes to either link the device to an existing backend system or to import a cryptographic seed from a third-party application. No photos or videos are stored or transmitted at any time.
(3) The app generates and stores cryptographic secrets securely on the device using Apple Secure Enclave. For TOTP-based authentication, the cryptographic seed is provisioned by the backend system during device registration. These secrets remain stored on the device and are never shared with third parties beyond the issuing platform.
(4) The app does not use tracking, analytics, or third-party SDKs that transmit data externally. It does not access location data, contacts, or other sensitive system data.
(5) Authentication operations rely entirely on on-device key material. The app implements strong multi-factor authentication in accordance with modern security frameworks such as NIST SP 800-63B (AAL3).