Update PrivacyPolicy.md
This commit is contained in:
parent
32f36a1100
commit
85fa47037d
|
@ -2,7 +2,7 @@ gPass web browser extension Privacy Policy
|
|||
------------------------------------------
|
||||
|
||||
|
||||
## Information we collect ##
|
||||
## Information we collect ##
|
||||
|
||||
The gPass extension collect three information once invoked :
|
||||
* Site address URL
|
||||
|
@ -10,10 +10,10 @@ The gPass extension collect three information once invoked :
|
|||
* Master key
|
||||
|
||||
|
||||
## How we use information we collect ##
|
||||
## How we use information we collect ##
|
||||
|
||||
Once collected, site address and login name are crypted by a derived version of your master key.
|
||||
It's then sent to the server you configured in extension configuration page for comparison.
|
||||
Once collected, site address and login name are encrypted by a derived version of your master key.
|
||||
It's then sent to the server (password server) you configured in extension configuration page for comparison.
|
||||
|
||||
This server has been set up by the user himself (recommended) or by a provider he trust in.
|
||||
|
||||
|
@ -21,27 +21,27 @@ The database that the server access to do comparisons only contains the crypted
|
|||
version of your information. They are never decrypted in the server side.
|
||||
|
||||
If a comparison match, the real password is sent back to your extension were
|
||||
it's unencrypted using the same key.
|
||||
it's unencrypted using the same key (derived masterkey).
|
||||
|
||||
Finally, the application context is cleared and nothing is retained in memory
|
||||
Finally, the application context is cleared and nothing is kept in memory
|
||||
nor written anywhere.
|
||||
|
||||
|
||||
## Accessing and updating your personal information ##
|
||||
|
||||
As a user, you can add, edit and delete your crypted information through
|
||||
the web interface of the configuration defined server.
|
||||
As a user, you can add, edit and delete your ciphered information through
|
||||
the web interface of the password server.
|
||||
|
||||
During these operations, no clear information is sent to the server.
|
||||
|
||||
|
||||
## Information we share ##
|
||||
|
||||
Nothing is shared with anyone. Nor on extension side nor on server side.
|
||||
Nothing is shared with anyone. Nor on extension side, nor on server side.
|
||||
|
||||
|
||||
## Information security ##
|
||||
## Information security ##
|
||||
|
||||
Information transmitted to the server are done through an HTTPS AJAX request.
|
||||
Data are crypted using AES 256 CBC algorithm and the master key is prior
|
||||
Data are encrypted using AES 256 CBC algorithm and the master key is prior
|
||||
derived using PKBDF2 algorithm.
|
||||
|
|
Loading…
Reference in New Issue
Block a user