Privacy Policy

Last updated: March 2026

1. Introduction

This Privacy Policy describes how Privacy Guardian ("we", "us", or "our") collects, uses, and protects information in connection with our password manager services, browser extension, and related websites (collectively, the "Service"). Because Privacy Guardian is designed as a zero-knowledge password manager, we deliberately limit what information we collect and store.

2. Information we collect

We collect and process only the information that is necessary to operate the Service and keep it secure.

  • Account information: When you create an account, we collect your email address and basic account metadata (such as account creation time and status). This information is used for authentication, account management, and necessary communications about the Service.
  • Encrypted vault data: Your stored passwords, usernames, URLs, secure notes, WiFi credentials, and MFA secrets are encrypted on your device before being transmitted to our servers. We store only the resulting ciphertext and limited metadata (for example, folder identifiers and timestamps). We cannot view the decrypted contents of your vault.
  • Browser extension interactions: When you use the browser extension to save or fill a login, it reads the form fields on the page you are using. This data is processed locally by the extension and, if you confirm, is sent to the Service as part of an encrypted vault item.
  • Service logs and diagnostics: We may collect minimal technical information such as timestamps, IP address used at the time of a request, and error messages generated by the Service. This information is used for security, abuse prevention, and troubleshooting, and is not combined with your decrypted vault contents.

3. Data we deliberately do not collect

  • No master passwords: Your master password is never sent to our servers and is not stored by us in any form.
  • No decrypted vault contents: We never receive, log, or store your passwords, notes, or other vault data in unencrypted form.
  • No advertising profiles: We do not collect data for targeted advertising and do not sell or rent your personal information to third parties.

4. Encryption and key management

Privacy Guardian uses client-side encryption. Your vault is encrypted and decrypted only on your devices.

  • Key derivation: Your encryption key is derived from your master password using PBKDF2-HMAC-SHA-256 with a unique per-user salt and a high iteration count. This key is created on your device, kept in memory while your vault is unlocked, and is never transmitted to our servers.
  • Content encryption: Vault items are encrypted with AES-256-GCM using a fresh initialization vector (IV) for each encryption operation. The resulting ciphertext, along with the IV and authentication tag, is stored on our servers.
  • Zero-knowledge: Because we do not possess your master password or derived encryption keys, we cannot decrypt your vault. If you lose your master password, we cannot recover your existing data.

5. How we use your information

We use the information we collect strictly for the operation, maintenance, and improvement of the Service.

  • To authenticate you and provide access to your encrypted vault across devices.
  • To sync encrypted vault data between your devices.
  • To provide features such as autofill, breach monitoring, password strength analysis, and security insights.
  • To protect the Service against abuse, fraud, and security threats.
  • To communicate with you about important changes to the Service or this policy.

We do not use your information for third-party advertising and do not sell your personal information to third parties.

6. Browser extension behavior

The Privacy Guardian browser extension operates within your browser to help you save and fill credentials on websites you visit.

  • The extension injects a content script into pages to detect login forms and offer to save or autofill credentials.
  • Form data is accessed only when you submit a form (in order to offer "Save this login") or when you explicitly choose to autofill a stored login.
  • The extension does not perform keystroke logging or continuous browsing tracking and does not collect information beyond what is necessary to provide the save and fill functionality.

7. Service providers and infrastructure

We use standard hosting infrastructure and a MySQL database to operate the Service. Encrypted vault data and related metadata are stored on this infrastructure. Service providers that host or process this data act on our behalf and are contractually prohibited from using your information for their own purposes.

We do not currently use third-party analytics, advertising networks, or social media trackers within the Service.

8. Data retention and deletion

We retain your encrypted vault data and account information for as long as your account is active. If you delete your account, we will delete or irreversibly anonymize associated personal data within a reasonable period, subject to any legal obligations that require longer retention (for example, for security or fraud-prevention logs).

9. Your rights and choices

Depending on your location, you may have rights under applicable data protection laws, including the right to access, correct, or delete your personal information.

  • You can update or delete data in your vault directly from within the application.
  • You can request deletion of your account and associated data.
  • You may contact us to request access to the limited personal data we hold about you (such as your account information and basic logs).

10. Children's privacy

The Service is not directed to children under the age where parental consent is required in their jurisdiction, and we do not knowingly collect personal information from such children. If you believe a child has provided us with personal information, please contact us so that we can take appropriate action.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date above and may notify you through the Service or by email.

12. Contact us

If you have questions about this Privacy Policy or how we handle your data, you can contact us at [email protected].