Legal

Privacy Policy

Last updated:

Summary

Passphere is a zero-knowledge, offline-first password manager. We do not collect, transmit, or store any of your passwords or personal data on any server. Your data never leaves your device unless you explicitly choose to sync or export it yourself.

This Privacy Policy explains what information Passphere handles, how it is handled, and your rights regarding that information. It applies to the Passphere web app (PWA), iOS app, and Android app.

Data We Collect

We collect no personal data. Passphere does not require you to create an account, provide an email address, or share any personal information to use the application.

The following types of data exist only on your device and are never sent to us:

  • Vault data — your encrypted passwords, usernames, URLs, and notes
  • Vault names and structure — how you organise your vaults
  • Master passwords — used locally for encryption only; never transmitted
  • App settings and preferences — stored locally on your device

Local Storage

All vault data is stored locally on your device using your browser or operating system's built-in secure storage. Data is encrypted with AES-GCM before being written to storage, using a key derived from your master password via PBKDF2 with 100,000 iterations and a unique random salt.

This means:

  • Your data is unreadable without your master password
  • We have no technical ability to decrypt or access your vault, even if we wanted to
  • If you forget your master password, there is no recovery mechanism — this is intentional
  • Uninstalling the app or clearing browser storage will permanently delete your local data

We strongly recommend exporting an encrypted backup of your vault regularly and storing it in a safe place.
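
The scheme described in this section (a key derived from the master password with PBKDF2 at 100,000 iterations and a random salt, then AES-GCM encryption), sketched with the Web Crypto API. This is an added example, not Passphere's own code. The SHA-256 PBKDF2 hash, 256-bit key, 16-byte salt, 12-byte IV, salt|iv|ciphertext layout and all function names are assumptions, since the policy does not state them.

```javascript
// Added example: PBKDF2 (100,000 iterations) -> AES-GCM with the Web Crypto API.
// Assumed, not stated in the policy: SHA-256, 256-bit key, 16-byte salt,
// 12-byte IV, and the salt || iv || ciphertext record layout.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const ITERATIONS = 100000;        // figure given in the policy
const SALT_LEN = 16, IV_LEN = 12; // assumed sizes

async function deriveKey(password, salt) {
  const material = await webcrypto.subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return webcrypto.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Returns salt || iv || ciphertext+tag as one Uint8Array.
async function sealVault(password, plaintext) {
  const salt = webcrypto.getRandomValues(new Uint8Array(SALT_LEN)); // unique per record
  const iv = webcrypto.getRandomValues(new Uint8Array(IV_LEN));     // fresh per write
  const key = await deriveKey(password, salt);
  const ct = new Uint8Array(await webcrypto.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext)));
  const out = new Uint8Array(SALT_LEN + IV_LEN + ct.length);
  out.set(salt, 0); out.set(iv, SALT_LEN); out.set(ct, SALT_LEN + IV_LEN);
  return out;
}

// Returns the plaintext, or null if the password is wrong or the record was altered.
async function openVault(password, record) {
  const salt = record.slice(0, SALT_LEN);
  const iv = record.slice(SALT_LEN, SALT_LEN + IV_LEN);
  const key = await deriveKey(password, salt);
  try {
    const pt = await webcrypto.subtle.decrypt(
      { name: 'AES-GCM', iv }, key, record.slice(SALT_LEN + IV_LEN));
    return new TextDecoder().decode(pt);
  } catch {
    return null; // GCM authentication tag did not verify
  }
}

// Constructed sample input: the right password opens the record, a wrong one does not.
sealVault('constructed-master-password', 'constructed vault entry').then(async (rec) => {
  console.log(await openVault('constructed-master-password', rec));
  console.log(await openVault('wrong-password', rec));
});
```

Because AES-GCM is authenticated, a wrong master password and a modified record fail the same way, which is why there is no partial recovery without the password.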

Device Sync

Passphere offers optional device-to-device sync. All sync methods are peer-to-peer — data travels directly between your devices without passing through any server we operate.

  • Quick Sync (QR code) — uses a temporary peer-to-peer connection (via PeerJS). The connection is direct between your devices. No vault data is stored on the PeerJS signalling server; it is used only to establish the connection.
  • Offline Sync — data is transferred by copy-pasting encrypted connection strings between devices manually. No network connection is required. No third party is involved.

In both cases, all data transferred during sync is encrypted before leaving your device. Only a device that already holds the correct master password can decrypt it.

Website Analytics

The Passphere promotional website (passphere.app) may collect standard web server logs, including IP addresses, browser type, and pages visited. This information is used solely for diagnosing technical issues and is not sold or shared with third parties for advertising purposes.

We do not use any third-party analytics scripts, advertising trackers, or fingerprinting technologies on this website.

Third Parties

Passphere does not share any user data with third parties. The app does not include advertising SDKs, behavioural analytics tools, or data brokers.

The following third-party services are used in limited, non-personal capacities:

  • PeerJS — used only to establish peer-to-peer connections during Quick Sync. No vault content passes through PeerJS servers.
  • Google Fonts — the promotional website loads the Inter typeface from Google's CDN. Google may log this request per their own privacy policy.
  • Apple App Store / Google Play — if you purchase the iOS or Android app, your transaction is handled by Apple or Google under their respective privacy policies.

Children

Passphere does not knowingly collect any personal information from children under the age of 13 (or the applicable age of digital consent in your jurisdiction). Since we collect no personal data from any users, Passphere is safe to use regardless of age.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of Passphere after changes are posted constitutes your acceptance of the updated policy.

Because we collect no personal data, changes to this policy will never retroactively affect data we hold about you — because we hold none.

Contact

If you have any questions about this Privacy Policy or Passphere's data practices, please contact:

Hideki Kotsubo
Creator of Passphere
[email protected]