Privacy-first design
Protecting user privacy has been our top priority from day one.
Customer-centric
Our products weren’t built for profit—they were built out of personal need. We’re committed to doing right by real users, not investors.
Looking out for end-users
We care about privacy
We believe your online identity should be yours to control. That’s why your private key stays securely on your phone—in your hands, not the cloud.
Privacy-first design
Protecting user privacy has been our top priority from day one.
Customer-centric
Our products weren’t built for profit—they were built out of personal need. We’re committed to doing right by real users, not investors.
Looking out for end-users
We care about privacy
We believe your online identity should be yours to control. That’s why your private key stays securely on your phone—in your hands, not the cloud.
Privacy-first design
Protecting user privacy has been our top priority from day one.
Customer-centric
Our products weren’t built for profit—they were built out of personal need. We’re committed to doing right by real users, not investors.
Looking out for end-users
We care about privacy
We believe your online identity should be yours to control. That’s why your private key stays securely on your phone—in your hands, not the cloud.
Allthenticate is proudly backed by
Allthenticate is proudly backed by
Data that we DO NOT collect
Location
We do not explicitly log your location, nor does the Allthenticator app allow employers to collect any data, including location, from your phone. There are plenty of other companies that do this, but we are not one of them.
PII
Outside of your email, first name, and last name, the Allthenticator app does not ask for, or store, any personally identifiable information (PII). We simply provide secure authentication and communication.
Personal Usage
What you do with our products in your personal life is your business.
What you do with your employer's resources is literally their business and they have a right to know.
Data that we DO collect
Crash Dumps
We use Sentry to collect crash dumps from all of our products to make sure that we aware of problems and can fix this as fast as possible. Similarly, we use Mender to manage firmware updates and perform remote debugging for our hardware readers. We encourage all of our customers to use proper VLANs and network isolation with our hardware and other IoT devices.
Public Key Data
Collecting a first name, last name, email, and public key follows a precedent set by PGP in the 1980s and we agree that it's a clean, elegant way to link identity to humans without being too intrusive.
Logs
One of the greatest features of our all-in-one identity solution is unified logs. However, these logs are only ever generated from employer-owned assets like computers and doors, and only when they are interacted with. These logs are stored securely on our servers and are only accessible by vetted Allthenticate personnel and the designated organization admins.
Usage Metrics
We owe our origins to sound research and the scientific method. We do collect anonymized performance and usage metrics to help us improve the product. For example, how long the devices take to connect, how fast authentication requests are satisfied, and how many times users need to open their app vs. a seamless experience.
Billing Info
We do not store any billing information. Administrators provide all of this data to Stripe, our external payment handler.
Data that could be inferred
While we do not collect this data explicitly, we want to be transparent about exactly what Allthenticate does have access to.
When you are using our product
The app connects to our servers using SocketIO (HTTPS) to handle web login attempts, receive updated access control lists, and communicate with other resources in our ecosystem.
Thus, it is technically possible to infer when a particular user is using the app (we must know which phone belongs to which user to send the appropriate request) and must similarly know which resource they are interacting with (the origin of the request).
Where you work
Your account is necessarily bound with your employers.
Your role at work
Employers may create groups, which might be very descriptive (e.g., IT Staff), and therefore is visible in our database.
Data that we DO NOT collect
Location
We do not explicitly log your location, nor does the Allthenticator app allow employers to collect any data, including location, from your phone. There are plenty of other companies that do this, but we are not one of them.
PII
Outside of your email, first name, and last name, the Allthenticator app does not ask for, or store, any personally identifiable information (PII). We simply provide secure authentication and communication.
Personal Usage
What you do with our products in your personal life is your business.
What you do with your employer's resources is literally their business and they have a right to know.
Data that we DO collect
Crash Dumps
We use Sentry to collect crash dumps from all of our products to make sure that we aware of problems and can fix this as fast as possible. Similarly, we use Mender to manage firmware updates and perform remote debugging for our hardware readers. We encourage all of our customers to use proper VLANs and network isolation with our hardware and other IoT devices.
Public Key Data
Collecting a first name, last name, email, and public key follows a precedent set by PGP in the 1980s and we agree that it's a clean, elegant way to link identity to humans without being too intrusive.
Logs
One of the greatest features of our all-in-one identity solution is unified logs. However, these logs are only ever generated from employer-owned assets like computers and doors, and only when they are interacted with. These logs are stored securely on our servers and are only accessible by vetted Allthenticate personnel and the designated organization admins.
Usage Metrics
We owe our origins to sound research and the scientific method. We do collect anonymized performance and usage metrics to help us improve the product. For example, how long the devices take to connect, how fast authentication requests are satisfied, and how many times users need to open their app vs. a seamless experience.
Billing Info
We do not store any billing information. Administrators provide all of this data to Stripe, our external payment handler.
Data that could be inferred
While we do not collect this data explicitly, we want to be transparent about exactly what Allthenticate does have access to.
When you are using our product
The app connects to our servers using SocketIO (HTTPS) to handle web login attempts, receive updated access control lists, and communicate with other resources in our ecosystem.
Thus, it is technically possible to infer when a particular user is using the app (we must know which phone belongs to which user to send the appropriate request) and must similarly know which resource they are interacting with (the origin of the request).
Where you work
Your account is necessarily bound with your employers.
Your role at work
Employers may create groups, which might be very descriptive (e.g., IT Staff), and therefore is visible in our database.
Data that we DO NOT collect
Location
We do not explicitly log your location, nor does the Allthenticator app allow employers to collect any data, including location, from your phone. There are plenty of other companies that do this, but we are not one of them.
PII
Outside of your email, first name, and last name, the Allthenticator app does not ask for, or store, any personally identifiable information (PII). We simply provide secure authentication and communication.
Personal Usage
What you do with our products in your personal life is your business.
What you do with your employer's resources is literally their business and they have a right to know.
Data that we DO collect
Crash Dumps
We use Sentry to collect crash dumps from all of our products to make sure that we aware of problems and can fix this as fast as possible. Similarly, we use Mender to manage firmware updates and perform remote debugging for our hardware readers. We encourage all of our customers to use proper VLANs and network isolation with our hardware and other IoT devices.
Public Key Data
Collecting a first name, last name, email, and public key follows a precedent set by PGP in the 1980s and we agree that it's a clean, elegant way to link identity to humans without being too intrusive.
Logs
One of the greatest features of our all-in-one identity solution is unified logs. However, these logs are only ever generated from employer-owned assets like computers and doors, and only when they are interacted with. These logs are stored securely on our servers and are only accessible by vetted Allthenticate personnel and the designated organization admins.
Usage Metrics
We owe our origins to sound research and the scientific method. We do collect anonymized performance and usage metrics to help us improve the product. For example, how long the devices take to connect, how fast authentication requests are satisfied, and how many times users need to open their app vs. a seamless experience.
Billing Info
We do not store any billing information. Administrators provide all of this data to Stripe, our external payment handler.
Data that could be inferred
While we do not collect this data explicitly, we want to be transparent about exactly what Allthenticate does have access to.
When you are using our product
The app connects to our servers using SocketIO (HTTPS) to handle web login attempts, receive updated access control lists, and communicate with other resources in our ecosystem.
Thus, it is technically possible to infer when a particular user is using the app (we must know which phone belongs to which user to send the appropriate request) and must similarly know which resource they are interacting with (the origin of the request).
Where you work
Your account is necessarily bound with your employers.
Your role at work
Employers may create groups, which might be very descriptive (e.g., IT Staff), and therefore is visible in our database.
Our Pledge to You
We will always maintain an honest relationship with you about what data we collect and how it is used.
We do not sell your data
We sell authentication products, not data. While we will use analytics data internally to optimize our products and your experience, we will never sell any of your data, including whether or not you are a user, to external firms.
We do not abuse our power
As an authentication company, we work in a critical layer of your stack. We will never use this power to unlock things that we should not.
No Tracking
Nothing from the Allthenticator can be used to actively track you. All of the data is processed locally on your device.
We will protect your data
While 100% security guarantees are impossible, we will always use best practices and employ the best security principals to protect customer data.
Our Pledge to You
We will always maintain an honest relationship with you about what data we collect and how it is used.
We do not sell your data
We sell authentication products, not data. While we will use analytics data internally to optimize our products and your experience, we will never sell any of your data, including whether or not you are a user, to external firms.
We do not abuse our power
As an authentication company, we work in a critical layer of your stack. We will never use this power to unlock things that we should not.
No Tracking
Nothing from the Allthenticator can be used to actively track you. All of the data is processed locally on your device.
We will protect your data
While 100% security guarantees are impossible, we will always use best practices and employ the best security principals to protect customer data.
Our Pledge to You
We will always maintain an honest relationship with you about what data we collect and how it is used.
We do not sell your data
We sell authentication products, not data. While we will use analytics data internally to optimize our products and your experience, we will never sell any of your data, including whether or not you are a user, to external firms.
We do not abuse our power
As an authentication company, we work in a critical layer of your stack. We will never use this power to unlock things that we should not.
No Tracking
Nothing from the Allthenticator can be used to actively track you. All of the data is processed locally on your device.
We will protect your data
While 100% security guarantees are impossible, we will always use best practices and employ the best security principals to protect customer data.
Privacy-Preserving by Design
From the beginning, our architecture was built to protect privacy—even in worst-case scenarios. Core safeguards are embedded into every layer of the system.
From the beginning, our architecture was built to protect privacy—even in worst-case scenarios. Core safeguards are embedded into every layer of the system.
Phones Listen, Not Beacon
Our app passively listens for BLE beacons and only responds when it detects a cryptographically verified device nearby. This prevents your phone from broadcasting identifiable signals and protects against active tracking.
Our app passively listens for BLE beacons and only responds when it detects a cryptographically verified device nearby. This prevents your phone from broadcasting identifiable signals and protects against active tracking.
Anonymized Identity
All devices—phones, doors, computers—only expose randomized UUIDs and public keys, with no link to user identity. No metadata. No profiling.
All devices—phones, doors, computers—only expose randomized UUIDs and public keys, with no link to user identity. No metadata. No profiling.
End-to-end Encryption
Every device communicates directly with peers over end-to-end encrypted channels, ensuring protection against interception, tampering, and man-in-the-middle attacks.
Every device communicates directly with peers over end-to-end encrypted channels, ensuring protection against interception, tampering, and man-in-the-middle attacks.
Open-Source Software
We will always try to be as open as possible
Able stands for Allthenticate's BLE Peripheral Library. It serves the purpose of enabling the abstraction of using a BLE Peripheral on Ubuntu, macOS, and Windows based systems without having to adapt your software to have platform specific support.
Open-Source Software
We will always try to be as open as possible
Able stands for Allthenticate's BLE Peripheral Library. It serves the purpose of enabling the abstraction of using a BLE Peripheral on Ubuntu, macOS, and Windows based systems without having to adapt your software to have platform specific support.
Open-Source Software
We will always try to be as open as possible
Able stands for Allthenticate's BLE Peripheral Library. It serves the purpose of enabling the abstraction of using a BLE Peripheral on Ubuntu, macOS, and Windows based systems without having to adapt your software to have platform specific support.
More questions about privacy?
How do I delete my account permanently?
How do I know I can trust Allthenticate?
How do I propose ideas for making Allthenticate even better?
How long are logs kept?
Can my employer track me through the Allthenticator app?
More questions about privacy?
How do I delete my account permanently?
How do I know I can trust Allthenticate?
How do I propose ideas for making Allthenticate even better?
How long are logs kept?
Can my employer track me through the Allthenticator app?
More questions about privacy?
How do I delete my account permanently?
How do I know I can trust Allthenticate?
How do I propose ideas for making Allthenticate even better?
How long are logs kept?
Can my employer track me through the Allthenticator app?
808 Travis St, Houston TX 77002
808 Travis St, Houston TX 77002
808 Travis St, Houston TX 77002
Disclaimer: Conflict between this page and any separate data security and privacy terms under a customer agreement shall be resolved in favor of those terms under the customer agreement.
Disclaimer: Conflict between this page and any separate data security and privacy terms under a customer agreement shall be resolved in favor of those terms under the customer agreement.