48 lines
1.5 KiB
Markdown
48 lines
1.5 KiB
Markdown
gPass web browser extension Privacy Policy
|
|
------------------------------------------
|
|
|
|
|
|
## Information we collect ##
|
|
|
|
The gPass extension collect three information once invoked :
|
|
* Site address URL
|
|
* Login name
|
|
* Master key
|
|
|
|
|
|
## How we use information we collect ##
|
|
|
|
Once collected, site address and login name are encrypted by a derived version of your master key.
|
|
It's then sent to the server (password server) you configured in extension configuration page for comparison.
|
|
|
|
This server has been set up by the user himself (recommended) or by a provider he trust in.
|
|
|
|
The database that the server access to do comparisons only contains the crypted
|
|
version of your information. They are never decrypted in the server side.
|
|
|
|
If a comparison match, the real password is sent back to your extension were
|
|
it's unencrypted using the same key (derived masterkey).
|
|
|
|
Finally, the application context is cleared and nothing is kept in memory
|
|
nor written anywhere.
|
|
|
|
|
|
## Accessing and updating your personal information ##
|
|
|
|
As a user, you can add, edit and delete your ciphered information through
|
|
the web interface of the password server.
|
|
|
|
During these operations, no clear information is sent to the server.
|
|
|
|
|
|
## Information we share ##
|
|
|
|
Nothing is shared with anyone. Nor on extension side, nor on server side.
|
|
|
|
|
|
## Information security ##
|
|
|
|
Information transmitted to the server are done through an HTTPS AJAX request.
|
|
Data are encrypted using AES 256 CBC algorithm and the master key is prior
|
|
derived using PKBDF2 algorithm.
|