Privacy Policy

EasySync is a Chrome extension and Android application that syncs one-time passwords (OTPs) from your phone to your browser so you can auto-fill them without switching devices. This Privacy Policy explains what data is collected, how it is used, and how it is protected.

1. Data We Collect

EasySync collects the minimum data necessary to deliver the service:

• OTP codes — the numeric code extracted from incoming SMS messages.
• Sender name / brand — the name of the service that sent the OTP (e.g. "Google"), derived from the SMS body.
• SMS body snippet — the full text of the incoming SMS, stored temporarily to display context in the app.
• Anonymous Firebase UID — a randomly generated identifier used to route OTPs to the correct browser. No email address, phone number, or personal identity is associated with this UID.
• Device model — the manufacturer and model of your Android phone, stored alongside the pairing record so the Chrome extension can display which device is connected.

2. How Data Is Used

• OTP codes and SMS content are transmitted in real time from your phone to your browser via Firebase Realtime Database using end-to-end authenticated channels.
• Data is used exclusively to auto-fill OTP codes in the Chrome browser. It is never used for advertising, analytics, or profiling.

3. Data Retention and Automatic Deletion

OTP data is designed to be ephemeral. We apply a strict automatic deletion policy:

• Immediate deletion on use — when you copy or auto-fill an OTP in Chrome, it is deleted from Firebase immediately.
• 30-second maximum lifetime — a scheduled Cloud Function deletes any OTP that has been in Firebase for more than 30 seconds, regardless of whether it was used.
• Pairing records — the pairing record (device model + anonymous UIDs) remains stored until you explicitly unpair the devices. You can do this at any time from the Chrome extension or the Android app.

No OTP data is retained on our servers beyond the 30-second window. We do not maintain logs or archives of OTP messages.

4. Data Sharing

We do not sell, rent, or share your data with any third parties. The only external service used is Firebase (Google LLC), which acts as a real-time message relay. Firebase processes data according to Google's Privacy Policy. OTP data transits Firebase servers only for the brief period described above and is never stored or processed by Firebase beyond that relay function.

Brand logo images are fetched from Logo.dev solely for display purposes. No OTP content or personal data is sent to Logo.dev.

5. Security

• All communication with Firebase uses TLS encryption in transit.
• Firebase Realtime Database security rules ensure that only the authenticated Chrome extension can read its own OTPs, and only the paired Android device can write to that location.
• Pairing uses a short-lived 6-digit PIN verified server-side via a Cloud Function. The PIN is deleted immediately after use.

6. Permissions

The Android app requests the following permissions:

• RECEIVE_SMS / READ_SMS — to detect incoming OTP messages and forward them to your browser.
• INTERNET — to transmit OTPs to Firebase.
• FOREGROUND_SERVICE — to keep the app listening for SMS while in the background.
• POST_NOTIFICATIONS — to show a persistent notification indicating the service is active (Android 13+).

The Chrome extension requests:

• storage — to cache OTPs locally so the popup loads instantly.
• tabs — to deliver OTP notifications to the active browser tab.
• alarms — to keep the background service alive.

7. Children's Privacy

EasySync is not directed at children under 13 years of age. We do not knowingly collect personal information from children.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected in the extension's update notes and on this page with a new effective date.

9. Contact

If you have any questions about this Privacy Policy, please open an issue on the project's GitHub repository or contact the developer directly.

EasySync — OTP Autofill for Android + Chrome