Information that we don’t touch
- We do not ask and do not use your e-mail, phone number, passport number.
- We do not ask and do not use your geo-location.
- We do not ask and do not use your contact list.
- We do not ask and do not use your calendar
- We do not sell your content.
- We do not send e-mail news/announcement.
- We do not keep your action log.
- Our application doesn’t work and doesn’t send data and doesn’t receive data over any network.
- We do not create and do not use cookie-files.
What information we collect and why
We keep only two your personal keys that are generated for you in a payment system, client of that you are. Each key is a unique sequence of symbols, created by special math algorithms and associated with your user in your payment system. By those keys, our application generates one-time codes/passwords that you should input in internet-bank of payment system. So it is additional authorization of your actions in internet-bank and is additional security of your money. As user inputs one-time code the payment system verifies whether the code was created by key of the same user. If not – the payment system denies current user action request.
How we protect your saved information
We secure your keys.
After keys are imported no one user of application can see or export or copy keys. At all.
In the mobile device keys are saved in an area specially purposed by Android for keeping secret data. That area is inaccessible for user operations with file system. Also keys are encrypted by algorithms AES, PKDF2 and user passcode.
So what can be done with imported keys besides to generate one-time codes? User can either delete them in application within resetting passcode or change keys, importing other ones. New keys will erase old ones. When application is being deleted imported keys are being deleted too.
The application requires only access to camera. Camera is used to scan QR-codes from internet-bank pages to import keys and to generate one-time code to sign payments.