Zero-Knowledge Guarantee

Privacy Policy

1. Our Privacy Philosophy

Passave was built with one core philosophy: absolute privacy. We do not sell your data, we do not track your behavior across the internet, and our Zero-Knowledge architecture ensures that we literally cannot read your passwords, notes, or files even if we were legally compelled to do so.


2. Information We Collect

To operate the Service, we collect the bare minimum amount of information necessary:

  • Account Information: Your chosen username, first name, last name, and email address. This is used solely for authentication, account recovery, and critical security notices.
  • Vault Data: The passwords, notes, and files you save. This data is strictly encrypted on your device using AES-256 before it reaches our servers. We only store the resulting unintelligible ciphertext.
  • Authentication Logs: Basic server logs (such as IP addresses and timestamps) are kept temporarily to prevent brute-force attacks and abuse.

3. Cookies & Local Storage

We use strict, essential cookies and browser Local Storage/Session Storage exclusively to keep you securely logged in (via JSON Web Tokens) and to manage your local encryption state. We do not use third-party tracking, advertising, or analytics cookies.


4. Third-Party Integrations & Sub-Processors

Passave relies on specific third-party infrastructure to function securely:

  • Have I Been Pwned (HIBP): To alert you of compromised passwords, we utilize the HIBP API. We use the k-Anonymity model, sending only the first 5 characters of a SHA-1 hash of your password. Your full password is never exposed to HIBP.
  • Google OAuth: If you choose to "Sign in with Google," Google provides us with your email and basic profile information to authenticate your account.
  • MongoDB Atlas & Cloud Hosting: Our encrypted databases and servers are hosted on secure, industry-standard cloud infrastructure providers.

5. Data Retention & Your Rights

You have absolute ownership of your data. You may export your unencrypted vault data at any time via your dashboard.

If you choose to delete your account, your profile, authentication keys, and all encrypted vault data (including files) are permanently purged from our active databases immediately.


6. Contact Us

If you have any questions about this Privacy Policy, your data, or our security practices, please contact the developer at info@passave.org.