gPass

gPass Git Source Tree

Root/PrivacyPolicy.md

1gPass web browser extension Privacy Policy
2------------------------------------------
3
4
5## Information we collect ##
6
7The gPass extension collect three information once invoked :
8 * Site address URL
9 * Login name
10 * Master key
11
12
13## How we use information we collect ##
14
15Once collected, site address and login name are crypted by a derived version of your master key.
16It's then sent to the server you configured in extension configuration page for comparison.
17
18This server has been set up by the user himself (recommended) or by a provider he trust in.
19
20The database that the server access to do comparisons only contains the crypted
21version of your information. They are never decrypted in the server side.
22
23If a comparison match, the real password is sent back to your extension were
24it's unencrypted using the same key.
25
26Finally, the application context is cleared and nothing is retained in memory
27nor written anywhere.
28
29
30## Accessing and updating your personal information ##
31
32As a user, you can add, edit and delete your crypted information through
33the web interface of the configuration defined server.
34
35During these operations, no clear information is sent to the server.
36
37
38## Information we share ##
39
40Nothing is shared with anyone. Nor on extension side nor on server side.
41
42
43## Information security ##
44
45Information transmitted to the server are done through an HTTPS AJAX request.
46Data are crypted using AES 256 CBC algorithm and the master key is prior
47derived using PKBDF2 algorithm.

Archive Download this file