Privacy Policy

At PassUNO, we believe your passwords and personal data belong to you and only you. This privacy policy explains how PassUNO handles your information and reinforces our commitment to your privacy and security.

PassUNO is designed with privacy as a fundamental principle. Here's what we don't collect:

• Your master password - We never have access to your master password. It never leaves your device.
• Your stored passwords - All passwords are encrypted locally on your device with AES-256 encryption before storage.
• Personal identification information - We don't collect names, email addresses, phone numbers, or any personally identifiable information.
• Usage analytics - We don't track how you use the application or which websites you save passwords for.
• Device information - We don't collect information about your device, operating system, or browser.
• Location data - We never collect or track your location.

Local Storage Only: All your password data is stored exclusively on your local device using your browser's localStorage API or the application's local database. Your encrypted vault never leaves your device unless you explicitly export it for backup purposes.

Encryption: Your password vault is encrypted using AES-256-GCM encryption with PBKDF2 key derivation (200,000 iterations). Your master password is used to derive the encryption key, ensuring that only you can decrypt your data.

No Cloud Sync: PassUNO does not offer cloud synchronization services. This design choice ensures your encrypted passwords remain under your complete control and never transit through third-party servers.

• Military-grade encryption - AES-256-GCM encryption standard used by governments and financial institutions worldwide.
• PBKDF2 key derivation - 200,000 iterations protect against brute-force attacks on your master password.
• Security questions - Optional recovery mechanism that allows you to reset your master password if forgotten.
• Local processing - All cryptographic operations happen on your device, never on external servers.
• Password generator - Create strong, random passwords up to 32 characters with customizable complexity.
• Session locking - Manual lock feature ensures your vault is protected when you step away.

PassUNO provides export functionality that allows you to create encrypted backup files of your password vault. These backup files contain:

• Your encrypted password vault
• Security question and answer hash
• Encryption metadata (salts and wrapped keys)

Exported files remain encrypted and can only be decrypted using your master password or security answer. You are responsible for storing these backups securely.

PassUNO does not integrate with, share data with, or communicate with any third-party services, analytics providers, or advertising networks. The application operates entirely offline and does not make any network requests.

Browser Version: Uses your browser's localStorage API to store encrypted data. Data persists in your browser and is subject to your browser's data management policies.

Desktop Application: Stores encrypted data in local application files on your computer. Data remains on your device and is not shared with any external services.

Both versions use identical encryption standards and security practices.

Because PassUNO operates on a zero-knowledge model, you are responsible for:

• Master password security - Choose a strong, unique master password and keep it secure.
• Security answer confidentiality - Your security answer is your only recovery option if you forget your master password.
• Backup management - Regularly export and securely store backup files.
• Account deletion - If you delete your account, all data is permanently and irreversibly deleted. We cannot recover it.

You can permanently delete all your PassUNO data at any time through the application settings. This action:

• Immediately removes all encrypted passwords from storage
• Deletes your master password hash and security information
• Erases all encryption keys and metadata
• Cannot be undone or recovered

After deletion, no trace of your data remains on the device.

PassUNO does not collect any personal information from anyone, including children under the age of 13. Since we don't collect any data, there are no special provisions needed for children's data under COPPA or similar regulations.

We may update this privacy policy from time to time to reflect changes in our practices or for legal reasons. When we make changes, we will update the "Last Updated" date at the top of this policy. Continued use of PassUNO after changes constitutes acceptance of the updated policy.

If you have questions about this privacy policy or PassUNO's privacy practices, you can review the application's open-source code or contact us through our official channels. Since we don't collect data, we have no data retention, deletion, or access request processes to manage.