Privacy Policy for CryptoPass
Last Updated: [21/6/25]
Thank you for using CryptoPass ("the extension"). Your privacy and security are the foundation of this project. This policy outlines how your data is handled. The short version is: we collect and store nothing.
1. No Data Collection
CryptoPass does not collect, transmit, or share any personally identifiable information (PII). We do not have servers, and we do not require user accounts. The extension is designed to work completely offline on your local machine.
2. Data Storage
CryptoPass needs to store some data locally on your computer using the standard chrome.storage.local API. This data is never transmitted to the developer or any third party. The following data is stored:
Encrypted Username Mappings: To provide the convenience of remembering which usernames you use for specific websites, these mappings (e.g., google.com: user@gmail.com) are stored. This entire data blob is encrypted using AES-GCM, with a key derived from your Master Passphrase. It is unreadable without your Master Passphrase.
Unencrypted WebAuthn Credential IDs: To enable the "Unlock with Security Key" feature, the public credential IDs generated by the browser are stored unencrypted. This is a requirement for the WebAuthn API to function. These IDs are long, random strings and do not contain any personal information. They only identify that a security key has been registered with the extension, not who you are or what the key is.
3. Permissions
CryptoPass requests the following permissions to function:
storage: Required to store your encrypted mappings and extension settings locally.
activeTab: Required to automatically read the domain name (e.g., "google.com") from your currently active tab to pre-fill the domain field for your convenience. Access is only granted when you click the extension icon.
4. Open Source
CryptoPass is fully open-source. You are encouraged to review the code to verify all the claims made in this policy. [You will add the GitHub link here later]
Changes to This Policy
If this policy changes, the extension will be updated on the Chrome Web Store, and the "Last Updated" date will be modified.
Contact
If you have any questions about this Privacy Policy, please open an issue on our GitHub repository.