Product Policy
DD Auth
Product-Specific Policy
1.0
DD Auth Terms of Service
Last Updated: January 1, 2026
Important Notice
This is a product-specific policy. In case of any conflict between this policy and our Common Policies, this product-specific policy shall prevail for the applicable product.
Found matches
No matches found for ""
Table of Contents
1. Agreement to Terms
By accessing or using DD Auth services ("Services"), including DD Auth Web Application (auth.duodev.in), DD Auth Mobile Application (in.duodev.auth), DD Accounts (accounts.duodev.in), and related APIs and integrations, you agree to be bound by these Terms of Service. If you disagree with any part of these Terms, you may not access the Services.
2. Description of Services
DD Auth Web Application:
• Password Management - Store, organize, and manage login credentials
• TOTP Authentication - Generate and manage two-factor authentication codes
• Secure Notes - Store sensitive text information securely
• Cross-Device Sync - Synchronize vault data across devices
DD Auth Mobile Application:
• OAuth2/OIDC Authentication - Secure single sign-on using PKCE flow
• TOTP Code Generation - Time-based one-time password generation
• Password Vault - Mobile access to secure credentials
• Biometric Security - Fingerprint and face recognition unlock
• QR Code Scanning - Easy account setup via QR codes
• Import/Export - Backup and migrate from other authenticator apps
• Offline Access - Access codes without internet connection
DD Accounts:
• Single Sign-On (SSO) - Centralized authentication for DD applications
• User Management - Account creation and profile management
• Secure Token Management - OAuth2 access and refresh tokens
• Multi-Device Support - Authenticate across multiple devices
• Password Management - Store, organize, and manage login credentials
• TOTP Authentication - Generate and manage two-factor authentication codes
• Secure Notes - Store sensitive text information securely
• Cross-Device Sync - Synchronize vault data across devices
DD Auth Mobile Application:
• OAuth2/OIDC Authentication - Secure single sign-on using PKCE flow
• TOTP Code Generation - Time-based one-time password generation
• Password Vault - Mobile access to secure credentials
• Biometric Security - Fingerprint and face recognition unlock
• QR Code Scanning - Easy account setup via QR codes
• Import/Export - Backup and migrate from other authenticator apps
• Offline Access - Access codes without internet connection
DD Accounts:
• Single Sign-On (SSO) - Centralized authentication for DD applications
• User Management - Account creation and profile management
• Secure Token Management - OAuth2 access and refresh tokens
• Multi-Device Support - Authenticate across multiple devices
3. Eligibility
To use our Services, you must:
• Be at least 13 years of age (or minimum age in your jurisdiction)
• Provide accurate and complete registration information
• Maintain the security of your account credentials
• Not be prohibited from using the Services under applicable law
• Be at least 13 years of age (or minimum age in your jurisdiction)
• Provide accurate and complete registration information
• Maintain the security of your account credentials
• Not be prohibited from using the Services under applicable law
4. Account Security
You are responsible for:
• Master Password - Creating and remembering a strong master password
• Account Credentials - Keeping your login credentials confidential
• Unauthorized Access - Notifying us immediately of any unauthorized access
• Device Security - Securing devices used to access the Services
Important: We cannot recover your vault data if you lose your master password. We do not store your master password and have no way to decrypt your vault without it.
• Master Password - Creating and remembering a strong master password
• Account Credentials - Keeping your login credentials confidential
• Unauthorized Access - Notifying us immediately of any unauthorized access
• Device Security - Securing devices used to access the Services
Important: We cannot recover your vault data if you lose your master password. We do not store your master password and have no way to decrypt your vault without it.
5. Acceptable Use
You agree to:
• Use the Services only for lawful purposes
• Not use the Services to store illegal content
• Not attempt to breach our security measures
• Not reverse engineer or decompile our software
• Not interfere with or disrupt the Services
• Comply with all applicable laws and regulations
• Use the Services only for lawful purposes
• Not use the Services to store illegal content
• Not attempt to breach our security measures
• Not reverse engineer or decompile our software
• Not interfere with or disrupt the Services
• Comply with all applicable laws and regulations
6. Prohibited Activities
You may NOT use the Services to:
• Store passwords for accounts you don't own
• Facilitate unauthorized access to third-party services
• Distribute malware, viruses, or harmful code
• Conduct phishing or social engineering attacks
• Engage in identity theft or fraud
• Violate the rights of others
• Circumvent security features
• Access the Services through automated means without authorization
• Store passwords for accounts you don't own
• Facilitate unauthorized access to third-party services
• Distribute malware, viruses, or harmful code
• Conduct phishing or social engineering attacks
• Engage in identity theft or fraud
• Violate the rights of others
• Circumvent security features
• Access the Services through automated means without authorization
7. End-to-End Encryption
Our Services use end-to-end encryption (E2EE) where:
• You control the encryption keys derived from your master password
• We cannot access the plaintext contents of your vault
• Data is encrypted using AES-256-GCM before transmission
• Zero-knowledge architecture means we store only encrypted data
Encryption Limitations:
• If you lose your master password, we CANNOT recover your data
• We cannot assist law enforcement in decrypting your data
• Security depends on the strength of your master password
• Client-side compromise could expose your data
• You control the encryption keys derived from your master password
• We cannot access the plaintext contents of your vault
• Data is encrypted using AES-256-GCM before transmission
• Zero-knowledge architecture means we store only encrypted data
Encryption Limitations:
• If you lose your master password, we CANNOT recover your data
• We cannot assist law enforcement in decrypting your data
• Security depends on the strength of your master password
• Client-side compromise could expose your data
8. Import and Export
You can export your vault data in multiple formats:
• DD Auth Encrypted (recommended) - Password-protected backup
• DD Auth JSON - Plaintext format for advanced users
• TOTP URI - Standard otpauth:// format
• CSV - Spreadsheet-compatible format
DD Auth supports importing from: Google Authenticator, Microsoft Authenticator, Authy, 1Password, LastPass, Bitwarden, Aegis Authenticator, andOTP, Raivo OTP, 2FAS, and Generic QR codes.
IMPORTANT: Exporting data in plaintext formats exposes your credentials. You are responsible for securing exported files.
• DD Auth Encrypted (recommended) - Password-protected backup
• DD Auth JSON - Plaintext format for advanced users
• TOTP URI - Standard otpauth:// format
• CSV - Spreadsheet-compatible format
DD Auth supports importing from: Google Authenticator, Microsoft Authenticator, Authy, 1Password, LastPass, Bitwarden, Aegis Authenticator, andOTP, Raivo OTP, 2FAS, and Generic QR codes.
IMPORTANT: Exporting data in plaintext formats exposes your credentials. You are responsible for securing exported files.
9. Intellectual Property
We retain all rights to:
• The DD Auth software and source code
• DD Auth mobile application
• Duo Dev Technologies branding, logos, and trademarks
• Documentation and user interfaces
• APIs and protocols
You retain ownership of:
• Your vault data and credentials
• Information you upload or store
• Custom configurations
• The DD Auth software and source code
• DD Auth mobile application
• Duo Dev Technologies branding, logos, and trademarks
• Documentation and user interfaces
• APIs and protocols
You retain ownership of:
• Your vault data and credentials
• Information you upload or store
• Custom configurations
10. Service Availability
We strive to maintain high availability but do not guarantee:
• Uninterrupted access to the Services
• Error-free operation
• Compatibility with all devices or browsers
• Availability during maintenance windows
We reserve the right to:
• Modify or discontinue features
• Update the Services
• Change pricing (with notice)
• Deprecate legacy features
• Uninterrupted access to the Services
• Error-free operation
• Compatibility with all devices or browsers
• Availability during maintenance windows
We reserve the right to:
• Modify or discontinue features
• Update the Services
• Change pricing (with notice)
• Deprecate legacy features
11. Disclaimer of Warranties
THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO:
• MERCHANTABILITY - Fitness for a particular purpose
• NON-INFRINGEMENT - Freedom from third-party claims
• SECURITY - Absolute security of data
• AVAILABILITY - Uninterrupted access
We do not warrant that:
• The Services will meet your requirements
• The Services will be uninterrupted or error-free
• Results obtained will be accurate or reliable
• Defects will be corrected
• MERCHANTABILITY - Fitness for a particular purpose
• NON-INFRINGEMENT - Freedom from third-party claims
• SECURITY - Absolute security of data
• AVAILABILITY - Uninterrupted access
We do not warrant that:
• The Services will meet your requirements
• The Services will be uninterrupted or error-free
• Results obtained will be accurate or reliable
• Defects will be corrected
12. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW:
We shall not be liable for:
• Indirect damages - Including lost profits, data loss, or business interruption
• Consequential damages - Arising from use of the Services
• Punitive damages - In connection with these Terms
• Damages from data loss - Including lost passwords or TOTP secrets
Our total liability shall not exceed:
• The amount you paid us in the 12 months preceding the claim, OR
• $100 USD, whichever is greater
We shall not be liable for:
• Indirect damages - Including lost profits, data loss, or business interruption
• Consequential damages - Arising from use of the Services
• Punitive damages - In connection with these Terms
• Damages from data loss - Including lost passwords or TOTP secrets
Our total liability shall not exceed:
• The amount you paid us in the 12 months preceding the claim, OR
• $100 USD, whichever is greater
13. Termination
By You: You may terminate your account at any time by using the account deletion feature, contacting support, or stopping use of the Services.
By Us: We may terminate or suspend your account for violation of these Terms, suspected fraudulent activity, extended periods of inactivity, non-payment (for premium accounts), or legal requirements.
Upon termination: Your access to the Services will cease, your data will be deleted per our Data Retention Policy, you remain responsible for any prior obligations.
Before termination, we recommend exporting your vault data. We cannot provide data after account deletion.
By Us: We may terminate or suspend your account for violation of these Terms, suspected fraudulent activity, extended periods of inactivity, non-payment (for premium accounts), or legal requirements.
Upon termination: Your access to the Services will cease, your data will be deleted per our Data Retention Policy, you remain responsible for any prior obligations.
Before termination, we recommend exporting your vault data. We cannot provide data after account deletion.