Privacy Policy

Last Updated: January 20, 2026

Overview

PassMan AI ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how our Password Manager and Chrome Extension collect, use, and safeguard your information.

Information We Collect

1. Authentication Data

  • Email address (for login)
  • Authentication tokens (stored locally)
  • Session information

2. Password Data

  • Website URLs
  • Usernames
  • Encrypted passwords
  • Website names

3. Usage Data

  • Extension interactions
  • Auto-fill/auto-save events
  • Error logs (anonymous)

How We Use Your Information

  • Password Management: Store and retrieve your encrypted passwords
  • Auto-fill: Automatically fill login forms on websites
  • Auto-save: Save new credentials when you sign up
  • Security: Monitor for data breaches via HaveIBeenPwned API
  • Sync: Synchronize passwords across your devices

Data Storage

  • Local Storage: Authentication tokens stored in Chrome's local storage
  • Server Storage: Encrypted passwords stored on our secure servers
  • Encryption: All passwords encrypted with AES-256 before storage
  • Zero-Knowledge: We cannot decrypt your passwords

Data Sharing

We DO NOT:

  • Sell your data to third parties
  • Share your passwords with anyone
  • Use your data for advertising
  • Track your browsing history

We MAY share data with:

  • HaveIBeenPwned API (hashed emails only, for breach monitoring)
  • Firebase (encrypted backup data)

Chrome Extension Permissions

Our extension requires these permissions:

  • storage: Store authentication tokens and settings locally
  • activeTab: Access current tab to auto-fill passwords
  • contextMenus: Add right-click menu options
  • notifications: Alert you about security issues
  • host_permissions: Communicate with our API server

Your Rights

You have the right to:

  • Access your data
  • Delete your account and all data
  • Export your passwords
  • Opt out of breach monitoring
  • Disable auto-fill/auto-save

Data Retention

  • Active accounts: Data retained indefinitely
  • Deleted accounts: Data permanently deleted within 30 days
  • Logs: Retained for 90 days

Security

We implement:

  • AES-256 encryption
  • HTTPS/TLS for all communications
  • CSRF protection
  • Rate limiting
  • Regular security audits

Children's Privacy

Our service is not intended for users under 13 years of age. We do not knowingly collect data from children.

Changes to Privacy Policy

We may update this policy. Changes will be posted at this URL with an updated "Last Updated" date.

Contact Us

For privacy concerns:

Compliance

This service complies with:

  • Chrome Web Store Developer Program Policies
  • GDPR (for EU users)
  • CCPA (for California users)
  • General data protection regulations