Privacy Policy

Password Manager Chrome Extension

Last updated: May 2025

What data is collected

The extension collects only what is necessary to provide the service:

• Your email address, used as your account identifier.
• Your credentials (usernames, passwords) for sites you choose to save. These are encrypted with AES-256-GCM on your device before being sent anywhere. The server stores only the encrypted blob and cannot decrypt it.

What data is never collected

• Your master password — it exists in memory only while the extension is open and is never stored or transmitted.
• Browsing history or page content beyond detecting login form fields on the active page.
• Any data from pages where you do not interact with the extension.

How data is stored

Encrypted credential blobs are stored on the backend server. Your access token is stored in Chrome's local extension storage on your device. No plaintext secrets ever leave your browser.

Data sharing

No data is sold, shared, or disclosed to third parties. The backend exists solely to sync your encrypted credentials across devices.

Permissions used

• storage — saves your encrypted access token locally so you stay logged in.
• tabs — reads the active tab's URL to match credentials to the current site.
• sidePanel — the primary UI surface of the extension.
• Access to all sites — the content script detects login forms on any page you visit so it can offer to save or autofill credentials.

Contact

Questions about this policy: [email protected]