1.5 KiB

gPass web browser extension Privacy Policy

Information we collect

The gPass extension collect three information once invoked :

  • Site address URL
  • Login name
  • Master key

How we use information we collect

Once collected, site address and login name are encrypted by a derived version of your master key. It's then sent to the server (password server) you configured in extension configuration page for comparison.

This server has been set up by the user himself (recommended) or by a provider he trust in.

The database that the server access to do comparisons only contains the crypted version of your information. They are never decrypted in the server side.

If a comparison match, the real password is sent back to your extension were it's unencrypted using the same key (derived masterkey).

Finally, the application context is cleared and nothing is kept in memory nor written anywhere.

Accessing and updating your personal information

As a user, you can add, edit and delete your ciphered information through the web interface of the password server.

During these operations, no clear information is sent to the server.

Information we share

Nothing is shared with anyone. Nor on extension side, nor on server side.

Information security

Information transmitted to the server are done through an HTTPS AJAX request. Data are encrypted using AES 256 CBC algorithm and the master key is prior derived using PKBDF2 algorithm.