Privacy-first design

User privacy has been a top concern since our inception

Customer-centric

Our products were built of personal necessity, not greed. We truly want to do good for end users.

Looking out for end-users

We care about your privacy

We want to give you control over your online identity by placing your private key securely in your phone, in your possession.

FUTO Pledge

We are a FUTO-affliated company and ahere to their customer-centric pledge.

Secure by Design Pledge

We have taken the CISA plede, and we are serious about holding ourselves, and the other pledgers, accountable.

  • End-to-end Encryption

    Decentralized

    Open Source

    No Data Sharing

    Anti-Tracking Technology

    End-user-centric Design

Privacy-first design

User privacy has been a top concern since our inception

Customer-centric

Our products were built of personal necessity, not greed. We truly want to do good for end users.

Looking out for end-users

We care about your privacy

We want to give you control over your online identity by placing your private key securely in your phone, in your possession.

FUTO Pledge

We are a FUTO-affliated company and ahere to their customer-centric pledge.

Secure by Design Pledge

We have taken the CISA plede, and we are serious about holding ourselves, and the other pledgers, accountable.

  • End-to-end Encryption

    Decentralized

    Open Source

    No Data Sharing

    Anti-Tracking Technology

    End-user-centric Design

Privacy-first design

User privacy has been a top concern since our inception

Customer-centric

Our products were built of personal necessity, not greed. We truly want to do good for end users.

Looking out for end-users

We care about your privacy

We want to give you control over your online identity by placing your private key securely in your phone, in your possession.

FUTO Pledge

We are a FUTO-affliated company and ahere to their customer-centric pledge.

Secure by Design Pledge

We have taken the CISA plede, and we are serious about holding ourselves, and the other pledgers, accountable.

  • End-to-end Encryption

    Decentralized

    Open Source

    No Data Sharing

    Anti-Tracking Technology

    End-user-centric Design

Data that we DO NOT collect

Location

We will never collect your location, nor will we allow employers to collect data from your phone. There are plenty of other services that do this, but we will never be one of them.

PII

Outside of your email, first name, and last name, we will never ask for any personally identifiable information (PII). We just provide secure authentication and communication, the other services can handle the PII.

Personal Usage

What you do with our products in your personal life is your business.

What you do with your employer's resources is literally their business and they have a right to know.

Data that we DO collect

Crash Dumps

Public Key Data

Logs

Usage Metrics

Billing Info

We use Sentry to collect crash dumps from all of our products to make sure that we aware of problems and can fix this as fast as possible. Similarly, we use Mender to manage firmware updates and perform remote debugging for our hardware readers. We encourage all of our customers to proper VLANs and network isolation with our hardware and other IoT devices.

Data that could be infered

While we do not collect this data explicitly, we want to be transparent about exactly what Allthenticate does have access to.


When you are using our product

The app connects to our servers using SocketIO (HTTPS) to handle web login attempts, receive updated access control lists, and communicate with other resources in our ecosystem.

Thus, it is technically possible to infer when a particular user is using the app (we must know which phone belongs to which user to send the appropriate request) and must similarly know which resource they are interacting with (the origin of the request).


Where you work

Your account is necessarily bound with your employers.


Your role at work

Employers may create groups, which might be very descriptive (e.g., IT Staff), and therefore is visible in our database.


Data that we DO NOT collect

Location

We will never collect your location, nor will we allow employers to collect data from your phone. There are plenty of other services that do this, but we will never be one of them.

PII

Outside of your email, first name, and last name, we will never ask for any personally identifiable information (PII). We just provide secure authentication and communication, the other services can handle the PII.

Personal Usage

What you do with our products in your personal life is your business.

What you do with your employer's resources is literally their business and they have a right to know.

Data that we DO collect

Crash Dumps

Public Key Data

Logs

Usage Metrics

Billing Info

We use Sentry to collect crash dumps from all of our products to make sure that we aware of problems and can fix this as fast as possible. Similarly, we use Mender to manage firmware updates and perform remote debugging for our hardware readers. We encourage all of our customers to proper VLANs and network isolation with our hardware and other IoT devices.

Data that could be infered

While we do not collect this data explicitly, we want to be transparent about exactly what Allthenticate does have access to.


When you are using our product

The app connects to our servers using SocketIO (HTTPS) to handle web login attempts, receive updated access control lists, and communicate with other resources in our ecosystem.

Thus, it is technically possible to infer when a particular user is using the app (we must know which phone belongs to which user to send the appropriate request) and must similarly know which resource they are interacting with (the origin of the request).


Where you work

Your account is necessarily bound with your employers.


Your role at work

Employers may create groups, which might be very descriptive (e.g., IT Staff), and therefore is visible in our database.


Data that we DO NOT collect

Location

We will never collect your location, nor will we allow employers to collect data from your phone. There are plenty of other services that do this, but we will never be one of them.

PII

Outside of your email, first name, and last name, we will never ask for any personally identifiable information (PII). We just provide secure authentication and communication, the other services can handle the PII.

Personal Usage

What you do with our products in your personal life is your business.

What you do with your employer's resources is literally their business and they have a right to know.

Data that we DO collect

Crash Dumps

Public Key Data

Logs

Usage Metrics

Billing Info

We use Sentry to collect crash dumps from all of our products to make sure that we aware of problems and can fix this as fast as possible. Similarly, we use Mender to manage firmware updates and perform remote debugging for our hardware readers. We encourage all of our customers to proper VLANs and network isolation with our hardware and other IoT devices.

Data that could be infered

While we do not collect this data explicitly, we want to be transparent about exactly what Allthenticate does have access to.


When you are using our product

The app connects to our servers using SocketIO (HTTPS) to handle web login attempts, receive updated access control lists, and communicate with other resources in our ecosystem.

Thus, it is technically possible to infer when a particular user is using the app (we must know which phone belongs to which user to send the appropriate request) and must similarly know which resource they are interacting with (the origin of the request).


Where you work

Your account is necessarily bound with your employers.


Your role at work

Employers may create groups, which might be very descriptive (e.g., IT Staff), and therefore is visible in our database.


Our Pledge to You

We will always maintain an honest relationship with you about what data we collect and how it is used.

We will never sell your data

We sell authentication products, not data. While we will use analytics data internally to optimize our products and your experience, we will never sell any of your data, including whether or not you are a user, to external firms.

We will never abuse our power

As an authentication company, we work in a critical layer of your stack. We will never use this power to unlock things that we should not.

No Tracking

Nothing from your phone that can be used to track you will ever be sent to us or your employer.

Will will protect your data

While 100% security guarantees are impossible, we will always use best practices and employ the best security principals to protect our customers data.


Moreover, if we fail at protecting your data or your security in any way, you will be first to know.

Our Pledge to You

We will always maintain an honest relationship with you about what data we collect and how it is used.

We will never sell your data

We sell authentication products, not data. While we will use analytics data internally to optimize our products and your experience, we will never sell any of your data, including whether or not you are a user, to external firms.

We will never abuse our power

As an authentication company, we work in a critical layer of your stack. We will never use this power to unlock things that we should not.

No Tracking

Nothing from your phone that can be used to track you will ever be sent to us or your employer.

Will will protect your data

While 100% security guarantees are impossible, we will always use best practices and employ the best security principals to protect our customers data.


Moreover, if we fail at protecting your data or your security in any way, you will be first to know.

Our Pledge to You

We will always maintain an honest relationship with you about what data we collect and how it is used.

We will never sell your data

We sell authentication products, not data. While we will use analytics data internally to optimize our products and your experience, we will never sell any of your data, including whether or not you are a user, to external firms.

We will never abuse our power

As an authentication company, we work in a critical layer of your stack. We will never use this power to unlock things that we should not.

No Tracking

Nothing from your phone that can be used to track you will ever be sent to us or your employer.

Will will protect your data

While 100% security guarantees are impossible, we will always use best practices and employ the best security principals to protect our customers data.


Moreover, if we fail at protecting your data or your security in any way, you will be first to know.

Privacy-Preserving by Design

When designing our architecture, goal was to protect everyone's privacy, even if we went totally rouge. So, there are preventive measures in the core architecture.

When designing our architecture, goal was to protect everyone's privacy, even if we went totally rouge. So, there are preventive measures in the core architecture.

Phones Listen, Not Beacon

Our app passively listens for BLE beacons and will only take any action when a device that it cryptographically recognizes is nearby. This prevents any attempt of tracking users phones.

Our app passively listens for BLE beacons and will only take any action when a device that it cryptographically recognizes is nearby. This prevents any attempt of tracking users phones.

Anonymized Identity

Every phone, door, computer, etc. only exposes a random UUID and public key that has no association to their identity.

Every phone, door, computer, etc. only exposes a random UUID and public key that has no association to their identity.

End-to-end Encryption

Since every device in our ecosystem talks directly to each other over encrypted channels, there is no way to infer what actions are being performed by an outsider.

Since every device in our ecosystem talks directly to each other over encrypted channels, there is no way to infer what actions are being performed by an outsider.

Open-Source Software

We will always be as open as possible

ABle

Check out our multi-platform BLE library

Able stands for Allthenticate's BLE Peripheral Library. It serves the purpose of enabling the abstraction of using a BLE Peripheral on Ubuntu, macOS, and Windows based systems without having to adapt your software to have platform specific support.

Open-Source Software

We will always be as open as possible

ABle

Check out our multi-platform BLE library

Able stands for Allthenticate's BLE Peripheral Library. It serves the purpose of enabling the abstraction of using a BLE Peripheral on Ubuntu, macOS, and Windows based systems without having to adapt your software to have platform specific support.

Open-Source Software

We will always be as open as possible

ABle

Check out our multi-platform BLE library

Able stands for Allthenticate's BLE Peripheral Library. It serves the purpose of enabling the abstraction of using a BLE Peripheral on Ubuntu, macOS, and Windows based systems without having to adapt your software to have platform specific support.

More questions about privacy?

How do I delete my account permanently?

How do I know I can trust Allthenticate?

How do I propose ideas for making Allthenticate even better?

How long are logs kept?

Can my employer track me through the Allthenticator app?

More questions about privacy?

How do I delete my account permanently?

How do I know I can trust Allthenticate?

How do I propose ideas for making Allthenticate even better?

How long are logs kept?

Can my employer track me through the Allthenticator app?

More questions about privacy?

How do I delete my account permanently?

How do I know I can trust Allthenticate?

How do I propose ideas for making Allthenticate even better?

How long are logs kept?

Can my employer track me through the Allthenticator app?

808 Travis St, Houston TX 77002

(281) 971-0773

Contact Allthenticate

808 Travis St, Houston TX 77002

(281) 971-0773

Contact Allthenticate

808 Travis St, Houston TX 77002

(281) 971-0773

Contact Allthenticate