🔒 Privacy Policy

PassPass — Offline Password Manager

Last Updated: March 20, 2026
🛡️ Privacy at a Glance PassPass is a fully offline password manager. We do not collect, transmit, or have access to any of your data. All your passwords and card details are stored locally on your device, encrypted with AES-256-GCM. Your privacy is guaranteed by design — not by promises.

1. Data Collection

PassPass does not collect any personal data. Specifically, the app:

  • Does not require or use internet access
  • Does not have network permissions
  • Does not use analytics, telemetry, or tracking of any kind
  • Does not contain advertisements
  • Does not use third-party SDKs that collect data
  • Does not transmit any information to external servers

2. Data Storage

All data is stored exclusively on your device:

  • Passwords & cards are encrypted using AES-256-GCM authenticated encryption
  • Encryption keys are stored in Android Keystore (hardware-backed when available)
  • Your PIN is hashed using PBKDF2 with 600,000 iterations and never stored in plaintext
  • No data is ever transmitted over the internet or stored on any remote server
🔐
PassPass uses industry-standard AES-256-GCM encryption. Your encryption key never leaves the Android Keystore and is protected by hardware security modules on supported devices.

3. Data Access

The developer of PassPass:

  • Has no access to your passwords, cards, or any stored data
  • Cannot recover your data if you forget your PIN
  • Cannot view, modify, or delete your stored information
  • Does not have any backdoor or remote access mechanism

4. Backup & Export

When you create a backup:

  • The backup file is encrypted with a password you choose
  • The file is saved to a location you specify on your device
  • We do not upload backups to any cloud service
  • You are solely responsible for securing your backup files
💡
If you choose to store backup files on cloud storage (Google Drive, etc.), that is your decision and those services' privacy policies apply to those files.

5. Permissions

PassPass requests only the following permissions:

  • Biometric (USE_BIOMETRIC): To enable fingerprint or face unlock as an alternative to PIN entry. This is optional and can be disabled in Settings.
  • Autofill Service (BIND_AUTOFILL_SERVICE): To fill saved passwords and card details into other apps and browsers. This is optional and must be explicitly enabled by you.

No internet, camera, contacts, location, microphone, or other sensitive permissions are requested.

6. Autofill Service

When you enable PassPass as your device's Autofill Service:

  • Credentials are decrypted only when you authenticate via PIN or biometrics
  • Data is filled directly into the requesting app — no intermediary servers
  • No credential data is logged, cached outside the app, or stored in any temporary location
  • Usernames and card numbers are masked in the autofill selection UI for privacy

7. Third-Party Services

PassPass does not integrate with any third-party services that collect user data. The app:

  • Does not use Google Analytics, Firebase Analytics, or any analytics platform
  • Does not use crash reporting services that transmit data externally
  • Does not include any advertising SDKs
  • Does not use social media SDKs or login services

8. Children's Privacy

PassPass does not knowingly collect personal data from children under the age of 13. Since the app collects no personal data whatsoever, this is inherently satisfied by design.

9. Your Rights

Since all data is stored locally on your device, you have complete control:

  • Access: You have full, unrestricted access to all your data within the app at any time
  • Deletion: You can delete any or all passwords, cards, and vaults whenever you choose
  • Portability: You can export your data using the encrypted backup feature
  • Control: Uninstalling the app permanently removes all stored data from your device

10. Data Retention

PassPass retains data only on your device for as long as the app is installed. When you:

  • Delete an entry: It is permanently removed from the local database
  • Uninstall the app: All app data, including the encrypted database and keys, is removed by the Android operating system
  • Clear app data: All stored information is permanently erased

We have no servers, so there is no remote data to retain or delete.

11. Security Measures

PassPass employs multiple layers of security to protect your data:

  • AES-256-GCM: Industry-standard authenticated encryption for all sensitive data
  • Android Keystore: Hardware-backed key storage (when supported by device)
  • PBKDF2: 600,000 iteration key derivation for PIN hashing
  • Biometric authentication: Optional fingerprint or face unlock
  • Auto-lock: Automatic session lock when the app is backgrounded
  • No network access: Eliminates remote attack vectors entirely

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be reflected in the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the app after changes constitutes acceptance of the updated policy.

13. Contact

If you have any questions, concerns, or feedback about this Privacy Policy or PassPass in general, please contact us at:

Email: passpass.app@example.com

🔒 The Bottom Line Your passwords stay on your device — encrypted, offline, and entirely under your control. We never see them, we can't access them, and we don't want to. Your privacy is guaranteed by architecture, not just policy.