Privacy Policy

Last Updated: May 20, 2026

Trezur is a product of Quirkdom. Trezur is a privacy-focused, offline-first, browser-side application designed to generate TOTP and HOTP codes for two-factor authentication (2FA). We are committed to your privacy and believe that your security credentials should remain entirely under your control.

1. Data Collection and Usage

Trezur operates as a browser-side only web application hosted by Quirkdom. This means:

  • No Personal Data Collection: We do not collect, store, or process any personal information, usage data, or authentication tokens on our servers.
  • Local Storage: All 2FA token data is stored locally, encrpyted within your browser's storage. It never leaves your device unless you explicitly choose to initiate a backup / sync.
  • No Trackers: Our application does not utilize tracking cookies, marketing pixels, or third-party behavioral analytics. We may use privacy-first web analytics (such as Cloudflare Web Analytics) to monitor aggregate site performance, which does not collect personally identifiable information.

2. Google Drive Integration

Trezur offers an optional feature that allows you to back up and sync your encrypted token data to your personal Google Drive (stored within a dedicated application data folder).

  • How we use Google Data: If you enable this feature, Trezur requests access only to the Google Drive App Data folder (the narrowest scope necessary). This scope allows the app to save and retrieve your own encrypted backup files.
  • Encryption of Backups: Before your data is sent to Google Drive, it is encrypted locally on your device using industry-standard encryption protocols. This means that even within your Google Drive, the file remains encrypted and protected by your own passphrase, providing an additional layer of security separate from the encryption provided by Google Drive itself.
  • No Access to Other Files: Our application does not have access to any other files in your Google Drive or any other personal Google account data (such as Gmail, Calendar, or Contacts).
  • Data Handling: Quirkdom does not store, process, or transmit your Google OAuth access tokens or any of your authentication secrets on our servers. The synchronization process occurs directly between your browser and the Google Drive API.

3. Data Security

  • Encryption at Rest: All token data stored within your browser is encrypted locally.
  • Client-Side Architecture: Because Trezur is a web application that runs entirely within your browser, no data is sent back to our hosting infrastructure (Cloudflare Pages/Workers) during normal operation.

4. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. We will notify you of any significant changes by updating the "Last Updated" date at the top of this page.

5. Contact

If you have any questions or concerns regarding this Privacy Policy or how Trezur handles your data, please contact us at: