Privacy Policy for PassPad

Last updated: May 28, 2025

      Important: PassPad is designed with privacy and security
      as core principles. Your sensitive vault data is encrypted end-to-end and
      stored both on our secure servers and locally on your device for offline
      access. We use zero-knowledge encryption, meaning only you can decrypt and
      access your passwords and notes - we cannot see your vault contents even
      though they are stored on our servers.
    

1. Information We Collect

1.1 Account Information

When you create an account with PassPad, we collect:

Email Address: Used for account authentication and recovery
Master Password (Hashed): Stored in hashed form for authentication purposes only
Encryption Salt: Unique salt for your account used in key derivation (stored on our servers)
Account Creation Date: For account management purposes
Authentication Tokens: Access and refresh tokens for secure API communication

1.2 Vault Data (End-to-End Encrypted)

Your vault data is encrypted end-to-end and stored in two locations:

1.2.1 Server Storage (Primary)

Encrypted Login Credentials: Usernames, passwords, URLs, and notes (all encrypted)
Encrypted Secure Notes: Rich-text notes and custom fields (all encrypted)
Metadata: Creation dates, modification dates, and item IDs (not encrypted)
Sync Data: Information for cross-device synchronization

1.2.2 Local Storage (Offline Access)

Cached Vault Data: Local copy of your encrypted vault for offline access
App Settings: User preferences and security configurations
Encryption Keys: Derived encryption keys stored securely on your device

1.3 Biometric Data

If you choose to enable biometric authentication (fingerprint, face recognition, etc.):

Biometric data is processed locally on your device using your device's secure biometric APIs
We do not collect, store, or transmit your biometric information to our servers
Biometric authentication is used solely to unlock the app locally

1.4 Technical Information

We may collect limited technical information for app functionality:

Device information (OS version, app version) for compatibility
Error logs and crash reports (anonymized) for app improvement
Network connectivity status for sync functionality
API request metadata for security and performance monitoring

2. How We Use Your Information

2.1 Primary Purposes

Account Authentication: Verify your identity when logging into the app
Data Security: Encrypt and protect your sensitive information
App Functionality: Enable core password management features
Local Storage: Store your encrypted vault data on your device

2.2 Security Measures

All sensitive data is encrypted using industry-standard AES encryption
Passwords are stored using secure key derivation functions
Local authentication prevents unauthorized access to your vault
App lock functionality protects against unauthorized access

3. Data Storage and Security

3.1 Local Storage

Your vault data is stored locally on your device using:

SQLite Database: Encrypted database for vault items
Secure Storage: Device keychain/keystore for sensitive keys
Encrypted Preferences: App settings and configurations

3.2 Encryption

End-to-end encryption ensures only you can access your data
Master password derivatives are used for encryption keys
Each vault item is individually encrypted
Encryption keys never leave your device

3.3 Network Security

All network communications use HTTPS encryption
API requests are authenticated and secured
No vault contents are transmitted over the network

4. Data Sharing and Disclosure

      We do not sell, trade, or share your personal information with third
        parties.
    

4.1 No Third-Party Sharing

Your vault contents remain private and are never shared
We do not use your data for advertising or marketing purposes
No analytics or tracking services have access to your sensitive data

4.2 Legal Requirements

We may disclose information only when required by law, but this would be limited to:

Account information (email address)
Technical metadata (if legally required)
We cannot access your encrypted vault contents even if legally required

5. Your Rights and Controls

5.1 Data Access and Control

Full Control: You have complete control over your vault data
Export: You can export your vault data at any time
Deletion: You can delete your account and all associated data
Local Storage: All data remains on your device under your control

5.2 Security Settings

Configure app lock timeout periods
Enable/disable biometric authentication
Control screenshot prevention
Manage master password requirements

6. Third-Party Services

6.1 Device Services

The app integrates with device services for enhanced security:

Biometric APIs: For fingerprint/face authentication (processed locally)
Secure Storage: Device keychain/keystore for key management
Camera/Gallery: For profile pictures (stored locally, optional)

6.2 No External Analytics

We do not use Google Analytics, Facebook Analytics, or similar services
No user behavior tracking or profiling
No advertising networks or marketing platforms

7. Children's Privacy

PassPad is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

8. Data Retention

Account Data: Retained until account deletion
Vault Data: Stored locally until manually deleted by user
Technical Logs: Automatically purged after 30 days
Deleted Data: Permanently removed from all systems

9. International Data Transfers

Since all sensitive data is stored locally on your device:

Your vault contents never leave your device
Only minimal account authentication data may be processed on our servers
All server communications are encrypted and secured

10. Updates to This Privacy Policy

We may update this privacy policy from time to time. When we do:

We will notify users through the app
The "Last updated" date will be revised
Continued use of the app constitutes acceptance of the updated policy
Material changes will require explicit user consent

11. Security Incident Response

In the unlikely event of a security incident:

We will notify affected users promptly
Your vault contents remain protected by local encryption
We will provide guidance on protective measures
Incident details will be transparently communicated

12. Contact & Support

If you have any questions about this Privacy Policy, the app's behavior, or need support using PassPad, please contact us:

Support Email: adbiyas01@gmail.com
App Name: PassPad
Developer: Adbiyas Inc.

13. Compliance

This app is designed to comply with:

GDPR: European General Data Protection Regulation
CCPA: California Consumer Privacy Act
COPPA: Children's Online Privacy Protection Act
Google Play Policy: Google Play Developer Policy requirements

      Summary: PassPad prioritizes your privacy and security.
      Your sensitive data is encrypted and stored locally on your device. We
      collect minimal information necessary for app functionality and never
      share your personal data with third parties. You maintain full control
      over your data at all times.
    