Privacy Policy — AVA

AVA (AnotherVaporAuth) · Effective date: 2026-07-02

AVA ("the app") is a free, open-source, community-built authenticator for Steam. It is not affiliated with Valve or Steam. This policy explains what data the app handles and how.

Short version: the current version of the app has no backend of its own. We (the developers) collect nothing automatically and have no access to your data. Everything stays on your device, and the app talks directly to Valve's official Steam servers, which are required for it to work. If a future version adds optional online features (such as cloud sync or trade notifications), they will be strictly opt-in and described in an update to this policy before you can enable them (see Section 7).

1. Data stored on your device

The app stores the following locally, on your device only:

At rest this data is encrypted with AES-256-GCM using a random key held in your device's hardware-backed Android Keystore and unwrapped by your 6-digit unlock PIN (and, if enabled, your device biometrics / device credential). Because the key is bound to your device's keystore, copies of the data files are useless on any other device. None of it reaches us.

2. Data we collect

Nothing automatically. The app contains no analytics, telemetry, advertising, crash reporting, or tracking of any kind, and there is no account with us. The only data that ever reaches the developer is feedback you compose and send yourself (see Section 3).

3. Network connections

To function, the app connects directly to Valve's official Steam services, including:

These requests go straight from your device to Valve. Your use of Steam through the app is subject to Valve's own Steam Privacy Policy.

The single exception is Settings → Feedback, which is entirely opt-in: nothing is transmitted unless you press send. When you do, your message, the optional contact field, and one metadata line shown verbatim in the form (app version, platform, language) are delivered to ava-feedback.dotslash.pro — a relay operated by the developer that forwards the report as an e-mail to the developer's mailbox and stores nothing else. If you tick “Attach debug log” (off by default), the in-app debug log is included too — recent network-trace lines that may contain your account names and SteamIDs, but never your secrets, tokens or passwords. Like any web request, the relay sees your IP address; it is included in the forwarded e-mail and kept nowhere else. Beyond this user-initiated feedback, the app makes no connection to any server operated by the AVA developers.

4. Permissions

The app requests no location, contacts, or other sensitive permissions beyond these.

5. Sharing your data

We do not share your data because we do not have it. The app does not sell, rent, or transmit your data to any third party other than Valve (as required for the app to work).

6. Exporting your data

You can export an account's maFile from the app. An exported unencrypted maFile contains your Steam Guard secrets and, if you saved it, your account password. Anyone who obtains that file can access your account — store and share exports carefully. They are your responsibility.

7. Cloud sync and other online features (not currently available)

The current version has no cloud sync, cloud backup, or push-notification service. All data is local, as described above.

We do plan optional online features — for example cloud sync/backup of your authenticator data, or trade/confirmation notifications (which may require a server component operated by us). Any such feature will:

Until then, no data leaves your device except the direct Steam requests and the opt-in feedback described in Section 3.

8. Children

The app is not directed to children and is intended for Steam account holders, consistent with Valve's own age requirements.

9. Changes to this policy

We may update this policy as the app evolves (for example, when cloud sync or notifications are introduced). Changes are published with a new effective date, and the full history is available in the open-source project repository.

10. Contact

Questions? Open an issue on the project repository:
github.com/freefrank/AnotherVaporAuth