gPass

gPass Commit Details

Date:2020-02-26 16:09:22 (5 months 8 days ago)
Author:Grégory Soutadé
Branch:master
Commit:85fa47037d738cc77f4eac6773755727c8f51acb
Parents: 32f36a1100e88c5dd3bb085c4169175d9888ac4e
Message:Update PrivacyPolicy.md

Changes:
MPrivacyPolicy.md (2 diffs)

File differences

PrivacyPolicy.md
22
33
44
5
5
66
77
88
9
10
9
10
1111
1212
13
13
1414
15
16
15
16
1717
1818
1919
......
2121
2222
2323
24
24
2525
26
26
2727
2828
2929
3030
3131
32
33
32
33
3434
3535
3636
3737
3838
3939
40
40
4141
4242
43
43
4444
4545
46
46
4747
------------------------------------------
## Information we collect ##
## Information we collect ##
The gPass extension collect three information once invoked :
* Site address URL
* Login name
* Master key
* Login name
* Master key
## How we use information we collect ##
## How we use information we collect ##
Once collected, site address and login name are crypted by a derived version of your master key.
It's then sent to the server you configured in extension configuration page for comparison.
Once collected, site address and login name are encrypted by a derived version of your master key.
It's then sent to the server (password server) you configured in extension configuration page for comparison.
This server has been set up by the user himself (recommended) or by a provider he trust in.
version of your information. They are never decrypted in the server side.
If a comparison match, the real password is sent back to your extension were
it's unencrypted using the same key.
it's unencrypted using the same key (derived masterkey).
Finally, the application context is cleared and nothing is retained in memory
Finally, the application context is cleared and nothing is kept in memory
nor written anywhere.
## Accessing and updating your personal information ##
As a user, you can add, edit and delete your crypted information through
the web interface of the configuration defined server.
As a user, you can add, edit and delete your ciphered information through
the web interface of the password server.
During these operations, no clear information is sent to the server.
## Information we share ##
Nothing is shared with anyone. Nor on extension side nor on server side.
Nothing is shared with anyone. Nor on extension side, nor on server side.
## Information security ##
## Information security ##
Information transmitted to the server are done through an HTTPS AJAX request.
Data are crypted using AES 256 CBC algorithm and the master key is prior
Data are encrypted using AES 256 CBC algorithm and the master key is prior
derived using PKBDF2 algorithm.

Archive Download the corresponding diff file