Update PrivacyPolicy.md
This commit is contained in:
parent
32f36a1100
commit
85fa47037d
|
@ -2,7 +2,7 @@ gPass web browser extension Privacy Policy
|
||||||
------------------------------------------
|
------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
## Information we collect ##
|
## Information we collect ##
|
||||||
|
|
||||||
The gPass extension collect three information once invoked :
|
The gPass extension collect three information once invoked :
|
||||||
* Site address URL
|
* Site address URL
|
||||||
|
@ -10,10 +10,10 @@ The gPass extension collect three information once invoked :
|
||||||
* Master key
|
* Master key
|
||||||
|
|
||||||
|
|
||||||
## How we use information we collect ##
|
## How we use information we collect ##
|
||||||
|
|
||||||
Once collected, site address and login name are crypted by a derived version of your master key.
|
Once collected, site address and login name are encrypted by a derived version of your master key.
|
||||||
It's then sent to the server you configured in extension configuration page for comparison.
|
It's then sent to the server (password server) you configured in extension configuration page for comparison.
|
||||||
|
|
||||||
This server has been set up by the user himself (recommended) or by a provider he trust in.
|
This server has been set up by the user himself (recommended) or by a provider he trust in.
|
||||||
|
|
||||||
|
@ -21,27 +21,27 @@ The database that the server access to do comparisons only contains the crypted
|
||||||
version of your information. They are never decrypted in the server side.
|
version of your information. They are never decrypted in the server side.
|
||||||
|
|
||||||
If a comparison match, the real password is sent back to your extension were
|
If a comparison match, the real password is sent back to your extension were
|
||||||
it's unencrypted using the same key.
|
it's unencrypted using the same key (derived masterkey).
|
||||||
|
|
||||||
Finally, the application context is cleared and nothing is retained in memory
|
Finally, the application context is cleared and nothing is kept in memory
|
||||||
nor written anywhere.
|
nor written anywhere.
|
||||||
|
|
||||||
|
|
||||||
## Accessing and updating your personal information ##
|
## Accessing and updating your personal information ##
|
||||||
|
|
||||||
As a user, you can add, edit and delete your crypted information through
|
As a user, you can add, edit and delete your ciphered information through
|
||||||
the web interface of the configuration defined server.
|
the web interface of the password server.
|
||||||
|
|
||||||
During these operations, no clear information is sent to the server.
|
During these operations, no clear information is sent to the server.
|
||||||
|
|
||||||
|
|
||||||
## Information we share ##
|
## Information we share ##
|
||||||
|
|
||||||
Nothing is shared with anyone. Nor on extension side nor on server side.
|
Nothing is shared with anyone. Nor on extension side, nor on server side.
|
||||||
|
|
||||||
|
|
||||||
## Information security ##
|
## Information security ##
|
||||||
|
|
||||||
Information transmitted to the server are done through an HTTPS AJAX request.
|
Information transmitted to the server are done through an HTTPS AJAX request.
|
||||||
Data are crypted using AES 256 CBC algorithm and the master key is prior
|
Data are encrypted using AES 256 CBC algorithm and the master key is prior
|
||||||
derived using PKBDF2 algorithm.
|
derived using PKBDF2 algorithm.
|
||||||
|
|
Loading…
Reference in New Issue
Block a user