Privacy Policy
Last updated: June 10, 2026
This Privacy Policy explains how 0101 Inc ("0101," "we," "us," or "our") handles information in connection with the 1Key Unified Zero Trust Platform, including our website at 1key.one, the 1Key administration console, the 1Key mobile applications for iOS and Android, the 1Key Progressive Web App (PWA), and the Badger Gate, Badger Guardian, Badger Shield, and Badger Guard agents (collectively, the "Services").
1. Our Role: Multi-Tenant Platform
1Key is a multi-tenant service. Each customer organization (a "Tenant") operates within its own logically isolated environment. Your relationship with us depends on how you use 1Key:
- When we act as a "Processor" (Service Provider). For most data processed through the platform on behalf of a Tenant — such as employee authentication events, device posture, and directory records — the Tenant (your employer or the organization that issued your account) is the "Controller." That organization decides what data is collected and why. We process that data only on the Tenant's instructions and under our agreement with them. If you are an end user, please direct privacy requests to your organization first.
- When we act as a "Controller." For data we collect for our own purposes — such as website visitors, demo requests, sales and support communications, and billing contacts — 0101 Inc is the Controller, and this Policy governs directly.
2. Information We Collect
2.1 Account & Identity Data
Provisioned by your Tenant or its directory (e.g., Microsoft Entra ID, Google Workspace, JumpCloud) via SAML, OIDC, or SCIM: name, work email, username, group/role membership, and Tenant association.
2.2 Authentication & Security Event Data
To deliver MFA and Zero Trust enforcement we process: push-approval requests and responses, QR authentication sessions, sign-in and step-up events, timestamps, the application or resource being accessed, approval/denial outcomes, IP address, and the network context of each request.
2.3 Device & Posture Telemetry
For Badger Gate, Badger Guard, and Badger Guardian, the agents collect device security posture, such as operating system and patch level, antivirus and firewall status, disk-encryption (e.g., BitLocker) state, hardware attributes, and related compliance signals used to allow or deny access. The specific attributes collected are configured by your Tenant.
2.4 Mobile App Data (iOS & Android)
The 1Key mobile app is used to approve logins and perform step-up authentication. It processes:
- Push notification tokens issued by Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM), used to deliver approval requests to your device.
- Device information such as device model, OS version, app version, and a 1Key-generated device identifier used to bind your account to a trusted device. We do not use the advertising identifier (IDFA / AAID) and do not track you across apps or websites.
- Camera input, used only to scan dynamic QR codes for authentication. Images are processed on-device in real time and are not stored or transmitted.
- Location (see Section 4), when your Tenant enables geo-fencing or impossible-travel protection.
- Biometrics (see Section 3), used locally to unlock approvals.
2.5 Progressive Web App (PWA) Data
The 1Key PWA provides browser-based access and, where supported, installable app-like behavior. It uses:
- Web Push subscriptions (via the browser's Push API and a service worker) to deliver approval prompts, where you have granted notification permission.
- Local storage / IndexedDB and a service worker cache to keep you signed in, enable offline behavior, and store non-sensitive app state on your device.
- WebAuthn / FIDO2 passkeys for passwordless authentication; key material is held by your device/authenticator and is never transmitted to us.
- Strictly necessary cookies and tokens for session and security. We do not use third-party advertising or cross-site tracking cookies.
2.6 Website & Sales Data
When you submit our demo request form or contact us, we collect your full name, work email, company name, and the contents of your communications.
2.7 Log & Diagnostic Data
We automatically collect server logs, error/crash diagnostics, and limited analytics (such as IP address, browser/app type, and pages or screens viewed) to operate and secure the Services.
3. Biometric Authentication
1Key uses your device's native biometrics — Face ID, Touch ID, Android biometrics, and Windows Hello — only to verify you locally and release a cryptographic credential. Your biometric data (face or fingerprint) never leaves your device and is never collected, transmitted, or stored by 0101 Inc. We only receive a yes/no result.
4. Location Data
Where a Tenant enables geo-fencing or impossible-travel detection, the mobile app may collect approximate or precise location at the time of an authentication request to evaluate whether the request is coming from an expected place or at a physically possible velocity. Location is used for security evaluation of that request and is not used for advertising or continuous background tracking. You can disable location permission in your device settings, though doing so may prevent location-based policies from functioning.
5. Permissions Requested by the Mobile Apps
| Permission | Why it's used | Required? |
|---|---|---|
| Notifications | Deliver login/step-up approval requests | Recommended |
| Camera | Scan dynamic QR codes for authentication | Only for QR login |
| Location | Geo-fencing & impossible-travel checks | Only if Tenant enables it |
| Biometrics / Face ID | Local unlock of approvals (on-device only) | Optional |
You can grant or revoke any of these permissions at any time in your device's system settings.
6. How We Use Information
- Authenticate users and enforce Zero Trust access and posture policies;
- Deliver push, QR, and passwordless approval flows across web, desktop, and mobile;
- Detect and prevent fraud, account compromise, and unauthorized access;
- Provide, maintain, secure, troubleshoot, and improve the Services;
- Respond to demo requests, sales inquiries, and support;
- Comply with legal obligations and enforce our agreements.
7. Tenant Data Isolation
Each Tenant's data is logically segregated so that one Tenant cannot access another Tenant's users, devices, or authentication records. Access controls, encryption, and per-Tenant scoping are applied throughout the platform.
8. How We Share Information
We do not sell your personal information or share it for cross-context behavioral advertising. We share information only as follows:
- With your Tenant — administrators of your organization can view authentication events, device posture, and related records for their own users.
- Subprocessors / service providers — including cloud hosting, Apple Push Notification service (APNs), Firebase Cloud Messaging (FCM), email delivery, and scheduling providers, who process data only to provide services to us.
- Legal & safety — when required by law, regulation, legal process, or to protect the rights, property, or safety of 0101 Inc, our customers, or others.
- Business transfers — in connection with a merger, acquisition, financing, or sale of assets.
9. Push Notifications
Approval prompts are delivered through APNs (iOS), FCM (Android), and the Web Push protocol (PWA). These providers process device tokens and the encrypted notification payload solely to route the message to your device. You can disable notifications in your device or browser settings, though this may require you to approve logins manually within the app.
10. Data Retention
For Tenant data, we retain information for the duration of the Tenant's subscription and according to the retention settings and instructions configured by that Tenant, after which it is deleted or anonymized in line with our agreement. For data we control (e.g., website and sales inquiries), we retain it only as long as necessary for the purposes described here or as required by law.
11. Data Security
We apply appropriate technical and organizational measures, including encryption in transit and at rest, strong authentication, least-privilege access controls, per-Tenant isolation, and monitoring. No system is perfectly secure, but security is core to what 1Key is built to provide.
12. International Data Transfers
We may process information in countries other than where you live. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers of personal data.
13. Your Privacy Rights
Depending on your location, you may have the right to access, correct, delete, port, or restrict processing of your personal information, and to object to certain processing. Residents of the EEA/UK (GDPR) and California (CCPA/CPRA) may have additional rights, including the right not to be discriminated against for exercising them.
If you are an end user of a Tenant, we generally act as a Processor, so please submit requests to your organization; we will assist them as required. For data we control, contact us using Section 16.
14. Children's Privacy
The Services are intended for business and enterprise use and are not directed to children under 16. We do not knowingly collect personal information from children.
15. App Store & Platform Disclosures
Consistent with Apple App Store and Google Play requirements: we do not sell your data, we do not use it for third-party advertising, and we do not track you across other companies' apps or websites. Data collected by the mobile apps is used to authenticate you and secure access, as described above. App-store data-safety labels summarize these practices.
16. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date above and, where appropriate, through additional notice.
17. Contact Us
For questions about this Privacy Policy or our data practices, contact us at cloud [at] 0101inc [dot] com, or visit 0101inc.com.