TERMS AND CONDITIONS OF USE FOR THE BRENNUS OTP APPLICATION

In effect as of February 14, 2026

PREAMBLE#

These Terms and Conditions of Use (hereinafter “T&Cs”) are concluded between:

• The Publisher: Kévin Sibué, legal representative of the Brennus OTP application, accessible via the open-source repository hosted on Codeberg and distributed via the App Store and Google Play Store platforms.
• The User: Any natural or legal person using the Application.

The T&Cs define the legal and technical conditions governing the use of the Application. The User is deemed to have accepted these T&Cs without reservation upon installation or use of the Application.

ARTICLE 1 – PURPOSE#

1.1. The Brennus OTP Application is open-source software designed to locally generate, store, and manage OTP (One-Time Password) codes. It is distributed free of charge under the GNU GPLv3 license.

1.2. The purpose of these T&Cs is to define:

• The rights and obligations of the Publisher and the User;
• The conditions for accessing and using the Application;
• The Publisher’s limitations of liability.

ARTICLE 2 – ACCESS AND USE OF THE APPLICATION#

2.1. Free of charge and absence of account The Application is free of charge and does not require the creation of an account. The User accesses the Application under their sole responsibility.

2.2. Local storage and data security OTP codes are stored exclusively locally on the User’s device and are encrypted to ensure confidentiality. The Publisher has no access to this data, which remains under the sole responsibility of the User.

• The User is responsible for the security of their device and the protection of their backups (if applicable).
• No data is transmitted to the Publisher or third parties, except in the case of optional activation of the crash collection tool (see Article 3).

2.3. Backups and sharing

• Backups (JSON files) and the sharing of otpauth URLs are unsecured and are the sole responsibility of the User.
• The User acknowledges that these files and links contain security secrets in plaintext. Their storage, transport (email, third-party cloud, etc.), and protection are the exclusive responsibility of the User.
• The Publisher disclaims all liability in the event of loss, theft, or compromise of data resulting from unsecured backup or sharing.

2.4. Updates Updates to the Application are offered via official platforms (App Store, Google Play Store). It is strongly recommended that the User install these updates to benefit from the latest security patches and features. The Publisher reserves the right to cease support for obsolete versions or the Application itself at any time, without notice or compensation.

ARTICLE 3 – PERSONAL DATA PROTECTION#

3.1. Absence of personal data collection The Application does not collect, store, or transmit any personal data to the Publisher or third parties. OTP codes are only stored locally on the User’s device and are never accessible to the Publisher.

3.2. Third-party tools The Application may use anonymous and optional third-party tools (such as crash reports) to improve its stability. These tools do not collect any personal data and can be deactivated at any time by the User.

• Free activation/deactivation: The User can choose to activate or deactivate crash collection during the installation of the Application, as well as at any time via the settings. The sending of these reports is deactivated by default.
• No personal data: Reports sent to the crash tool do not contain any information allowing the identification of the User and are used solely to improve the stability of the Application. These reports are anonymized and do not contain any vault data (OTP codes) or encryption keys, but may contain technical information such as: device model, operating system version, Application version, and technical error traces.

3.3. GDPR Compliance The Publisher undertakes to comply with the principles of the General Data Protection Regulation (GDPR). Since no personal data is processed, the applicable GDPR obligations are limited to transparency regarding the absence of collection and the optional nature of the crash reporting tool.

ARTICLE 4 – RESPONSIBILITIES AND WARRANTIES#

4.1. Application provided “as is” The Application is made available without warranty of any kind, express or implied, particularly regarding:

• Security: The Publisher does not guarantee the absence of vulnerabilities or security flaws;
• Availability: The Publisher does not guarantee uninterrupted access to the Application;
• Fitness for a particular purpose: The User acknowledges using the Application at their own risk.

4.2. Limitation of liability The Publisher shall not be held liable:

• For the loss or theft of OTP codes, including in the event of compromise of the User’s device;
• For the fraudulent use of the Application (e.g., phishing, unauthorized access to third-party systems);
• For indirect damages (loss of data, financial loss, damage to reputation, etc.);
• For consequences related to the use of unsecured backups or the sharing of otpauth URLs.

4.3. Prohibition of unlawful use The User agrees not to use the Application for illegal purposes or purposes contrary to public order, including:

• To commit acts of hacking, fraud, or identity theft;
• To bypass security measures or access computer systems without authorization.

In the event of a breach of this obligation, the Publisher reserves the right to take any appropriate measure, including reporting to the competent authorities.

ARTICLE 5 – LICENSE AND INTELLECTUAL PROPERTY#

5.1. GPLv3 License The Application is distributed under the GNU GPLv3 license. The User is authorized to:

• Use, modify, and redistribute the Application, subject to compliance with the terms of the GPLv3 license;
• Access the source code, available on Codeberg.

5.2. Restrictions

• Although the code is open-source, the Publisher has chosen to conduct this project closed to external contributions. No “Pull Request” or contribution to the official repository will be accepted or reviewed.
• Any redistribution of the Application must include these T&Cs and mention the GPLv3 license.

ARTICLE 6 – MODIFICATION OF THE T&CS#

6.1. The Publisher reserves the right to modify these T&Cs at any time, particularly to:

• Comply with legislative or regulatory changes;
• Improve the security or functionality of the Application.

6.2. Modifications will take effect upon their publication on the Codeberg repository or via a notification within the Application. Continued use of the Application constitutes acceptance of the new T&Cs.

ARTICLE 7 – CONTACT AND SUPPORT#

7.1. For any questions regarding the T&Cs or the Application, the User may contact the Publisher at: contact@brennus-otp.fr

7.2. No technical support is guaranteed. The Publisher undertakes to respond as far as possible, without any obligation regarding response time or resolution.

ARTICLE 8 – APPLICABLE LAW AND DISPUTES#

8.1. These T&Cs are governed by French law.

8.2. Any dispute relating to the interpretation or execution of the T&Cs shall be submitted to the competent courts of Lyon, notwithstanding a plurality of defendants or impleader (warranty claims).

ARTICLE 9 – MISCELLANEOUS PROVISIONS#

9.1. Severability If any clause of these T&Cs is declared null or unenforceable, the other clauses shall remain in effect.

9.2. Entire Agreement These T&Cs constitute the entire agreement between the Publisher and the User and supersede any prior agreements.

Executed in Lyon, February 14, 2026. Kévin Sibué Publisher of the Brennus OTP Application