48 lines
1.5 KiB
Markdown
48 lines
1.5 KiB
Markdown
gPass web browser extension Privacy Policy
|
||
------------------------------------------
|
||
|
||
|
||
## Information we collect ##
|
||
|
||
The gPass extension collect three information once invoked :
|
||
* Site address URL
|
||
* Login name
|
||
* Master key
|
||
|
||
|
||
## How we use information we collect ##
|
||
|
||
Once collected, site address and login name are crypted by a derived version of your master key.
|
||
It's then sent to the server you configured in extension configuration page for comparison.
|
||
|
||
This server has been set up by the user himself (recommended) or by a provider he trust in.
|
||
|
||
The database that the server access to do comparisons only contains the crypted
|
||
version of your information. They are never decrypted in the server side.
|
||
|
||
If a comparison match, the real password is sent back to your extension were
|
||
it's unencrypted using the same key.
|
||
|
||
Finally, the application context is cleared and nothing is retained in memory
|
||
nor written anywhere.
|
||
|
||
|
||
## Accessing and updating your personal information ##
|
||
|
||
As a user, you can add, edit and delete your crypted information through
|
||
the web interface of the configuration defined server.
|
||
|
||
During these operations, no clear information is sent to the server.
|
||
|
||
|
||
## Information we share ##
|
||
|
||
Nothing is shared with anyone. Nor on extension side nor on server side.
|
||
|
||
|
||
## Information security ##
|
||
|
||
Information transmitted to the server are done through an HTTPS AJAX request.
|
||
Data are crypted using AES 256 CBC algorithm and the master key is prior
|
||
derived using PKBDF2 algorithm.
|