Privacy Policy

Last updated: February 2026

Our Commitment

passw0rd is built on the principle of zero knowledge. We are fundamentally designed so that we cannot access your passwords, even if compelled to do so. Your privacy is not a feature — it is our architecture.

What We Cannot Access

  • Your master password — it never leaves your device
  • Your decrypted passwords or vault entries
  • Your encryption keys — they are derived locally via PBKDF2 with 600,000 iterations
  • Any plaintext data you store in the vault

What We Store (Cloud Accounts)

When you use a cloud-synced account, our servers store only:

  • Account information: email address, display name, and avatar URL (from your OAuth provider)
  • Encrypted vault entries: AES-256-GCM ciphertext, initialization vectors, and PBKDF2 salts — all of which are useless without your master password
  • Authentication records: OAuth provider linkage (Google, GitHub) and WebAuthn public keys for passkey login
  • Subscription status: your billing tier and Polar.sh subscription identifiers

Local-Only Mode

When using local-only mode, no data is transmitted to our servers. All vault entries are encrypted and stored entirely within your browser's local storage. We have zero visibility into your usage.

Third-Party Services

The Service integrates with the following third-party services:

  • Google OAuth: used for authentication only. We receive your email, name, and profile picture. We do not access any other Google data.
  • GitHub OAuth: used for authentication only. We receive your email, name, and avatar. We do not access your repositories or other GitHub data.
  • Polar.sh: processes payments for paid subscriptions. Payment information is handled entirely by Polar.sh and is never stored on our servers.
  • Cloudflare: our infrastructure provider. Pages are served via Cloudflare Pages, and the API runs on Cloudflare Workers. Cloudflare's privacy policy applies to network-level data.

Cookies and Tracking

We do not use tracking cookies, analytics, or advertising scripts. The only data stored in your browser is your authentication token (JWT) and, in local-only mode, your encrypted vault data. We do not participate in cross-site tracking of any kind.

Data Encryption Details

  • Algorithm: AES-256-GCM (authenticated encryption)
  • Key Derivation: PBKDF2-SHA256 with 600,000 iterations
  • Salt: 128-bit cryptographically random, unique per entry
  • IV: 96-bit cryptographically random, unique per encryption operation
  • Implementation: Web Crypto API (browser-native, no third-party crypto libraries)

Data Retention

Your encrypted data is stored as long as your account is active. You may delete individual entries or your entire account at any time. Upon account deletion, all associated data is permanently removed from our database. We do not maintain backups of deleted data.

Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this privacy policy to reflect changes in the Service or applicable law. We will post any changes on this page with an updated revision date. Material changes will be communicated through the Service.

Open Source Transparency

passw0rd is fully open source. You can audit our entire codebase, verify our encryption implementation, and confirm our privacy claims at our GitHub repository. We believe security should never require blind trust.

Contact

For privacy or account questions, contact support@usepassw0rd.com. Because passw0rd is zero-knowledge, we cannot recover your master password or decrypt your vault.