Privacy Policy

Last updated: February 2026

1. Password Processing (Zero Server Contact)

All core tools — Password Checker, Generator, and Passphrase Generator — run 100% locally in your browser using JavaScript. Your passwords and passphrases are never sent to our servers.

Password breach checking uses Have I Been Pwned's k-anonymity API: only a short prefix of a password hash (never your full password) is sent to their service.

2. Local Storage (Your Device Only)

Tools may use browser localStorage to remember preferences like default password length. This data stays on your device only and is never transmitted to us.

3. Google AdSense & Third-Party Advertising

This site displays ads from Google AdSense and potentially other third-party ad networks to support development.

These ad networks cannot see your passwords or generated values. However, they may collect:

IP address and approximate location (city/region)
Browser type/version, device information, screen resolution
Pages visited, time spent, ad clicks/impressions
Cookies, local storage, and similar tracking technologies
Advertising ID (resettable in device settings)

4. Google AdSense Specifics

Google AdSense uses cookies and tracking technologies to:

Serve relevant ads based on your visits to this and other websites
Measure ad performance and optimize delivery
Build interest-based advertising profiles across sites

Google Ads Privacy Controls:

Google Ads Settings - Manage personalized ads
YourAdChoices - Opt out of ad networks
Google Ads Policy - Full details

5. Cookie Consent & Global Privacy Controls

We honor Global Privacy Control (GPC) signals and browser Do Not Track requests. Cookie consent popup appears for first-time visitors (stored 1 year).

6. What We Don't Do

❌ Store or log your passwords/passphrases
❌ Sell your personal data to third parties
❌ Use Google Analytics or similar trackers
❌ Share password-related data with advertisers
❌ Target ads based on password inputs or security data

7. Children's Privacy

Not intended for children under 13 (or your local age minimum). We don't knowingly collect data from children. Ad networks have additional restrictions for child-directed sites.

8. Data Retention & Security

We don't store password data. Server access logs retained only as required by law. Ad network data retention controlled by their policies (Google retains ~26 months).

9. Your Rights (US State Laws, GDPR, CCPA)

Depending on your location, you may have rights to:

Access, delete, or opt-out of data "sale/sharing"
Correct inaccurate personal information
Limit sensitive data processing
Non-discrimination for exercising rights

Contact ad networks directly using links above, or contact us through our contact form.

10. Changes to This Policy

We'll update this policy if our practices or ad technologies change. Continued use after changes means acceptance. Check back periodically.