gPass/PrivacyPolicy.md

48 lines
1.5 KiB
Markdown
Raw Normal View History

2017-12-05 08:06:48 +01:00
gPass web browser extension Privacy Policy
------------------------------------------
2020-02-26 16:09:22 +01:00
## Information we collect ##
2017-12-05 08:06:48 +01:00
The gPass extension collect three information once invoked :
* Site address URL
2020-02-26 16:09:22 +01:00
* Login name
* Master key
2017-12-05 08:06:48 +01:00
2020-02-26 16:09:22 +01:00
## How we use information we collect ##
2017-12-05 08:06:48 +01:00
2020-02-26 16:09:22 +01:00
Once collected, site address and login name are encrypted by a derived version of your master key.
It's then sent to the server (password server) you configured in extension configuration page for comparison.
2017-12-05 08:06:48 +01:00
This server has been set up by the user himself (recommended) or by a provider he trust in.
The database that the server access to do comparisons only contains the crypted
version of your information. They are never decrypted in the server side.
If a comparison match, the real password is sent back to your extension were
2020-02-26 16:09:22 +01:00
it's unencrypted using the same key (derived masterkey).
2017-12-05 08:06:48 +01:00
2020-02-26 16:09:22 +01:00
Finally, the application context is cleared and nothing is kept in memory
2017-12-05 08:06:48 +01:00
nor written anywhere.
## Accessing and updating your personal information ##
2020-02-26 16:09:22 +01:00
As a user, you can add, edit and delete your ciphered information through
the web interface of the password server.
2017-12-05 08:06:48 +01:00
During these operations, no clear information is sent to the server.
## Information we share ##
2020-02-26 16:09:22 +01:00
Nothing is shared with anyone. Nor on extension side, nor on server side.
2017-12-05 08:06:48 +01:00
2020-02-26 16:09:22 +01:00
## Information security ##
2017-12-05 08:06:48 +01:00
Information transmitted to the server are done through an HTTPS AJAX request.
2020-02-26 16:09:22 +01:00
Data are encrypted using AES 256 CBC algorithm and the master key is prior
2017-12-05 08:06:48 +01:00
derived using PKBDF2 algorithm.