From 85fa47037d738cc77f4eac6773755727c8f51acb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9gory=20Soutad=C3=A9?= Date: Wed, 26 Feb 2020 16:09:22 +0100 Subject: [PATCH] Update PrivacyPolicy.md --- PrivacyPolicy.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/PrivacyPolicy.md b/PrivacyPolicy.md index 88ea16b..000b3df 100644 --- a/PrivacyPolicy.md +++ b/PrivacyPolicy.md @@ -2,18 +2,18 @@ gPass web browser extension Privacy Policy ------------------------------------------ -## Information we collect ## +## Information we collect ## The gPass extension collect three information once invoked : * Site address URL - * Login name - * Master key + * Login name + * Master key -## How we use information we collect ## +## How we use information we collect ## -Once collected, site address and login name are crypted by a derived version of your master key. -It's then sent to the server you configured in extension configuration page for comparison. +Once collected, site address and login name are encrypted by a derived version of your master key. +It's then sent to the server (password server) you configured in extension configuration page for comparison. This server has been set up by the user himself (recommended) or by a provider he trust in. @@ -21,27 +21,27 @@ The database that the server access to do comparisons only contains the crypted version of your information. They are never decrypted in the server side. If a comparison match, the real password is sent back to your extension were -it's unencrypted using the same key. +it's unencrypted using the same key (derived masterkey). -Finally, the application context is cleared and nothing is retained in memory +Finally, the application context is cleared and nothing is kept in memory nor written anywhere. ## Accessing and updating your personal information ## -As a user, you can add, edit and delete your crypted information through -the web interface of the configuration defined server. +As a user, you can add, edit and delete your ciphered information through +the web interface of the password server. During these operations, no clear information is sent to the server. ## Information we share ## -Nothing is shared with anyone. Nor on extension side nor on server side. +Nothing is shared with anyone. Nor on extension side, nor on server side. -## Information security ## +## Information security ## Information transmitted to the server are done through an HTTPS AJAX request. -Data are crypted using AES 256 CBC algorithm and the master key is prior +Data are encrypted using AES 256 CBC algorithm and the master key is prior derived using PKBDF2 algorithm.