Privacy Policy

Effective date: March 31, 2026

Dashpass is a zero-knowledge password manager. Your master password and plaintext credentials never leave your device. All encryption and decryption happens entirely in your browser before any data reaches our server.

1. What We Mean by Zero-Knowledge

Dashpass uses AES-256-GCM client-side encryption. Your master password is used to derive an encryption key locally using PBKDF2. Vault entries are encrypted and decrypted entirely within the Chrome extension. The server only ever receives and stores ciphertext.

This means:

We cannot read your passwords, even if our server were compromised.
We cannot recover your master password if you forget it.
We never transmit plaintext credentials over the network.

2. Data We Collect

Dashpass collects only the minimum data required to operate:

Account email — used for authentication.
Encrypted vault data — your credentials, stored as AES-256-GCM ciphertext on our server. We cannot decrypt this data.

We do not collect browsing history, keystrokes, analytics, or telemetry of any kind.

3. Why the Extension Accesses All URLs

The Dashpass Chrome extension requests the <all_urls> host permission and runs a content script on every page. This is used exclusively to:

Detect login and registration forms on websites you visit.
Autofill your saved credentials into those forms when you choose to.
Offer to save new credentials when you submit a login form.

The extension does not read page content for any other purpose, does not track which sites you visit, and does not send any page data to our server or any third party.

4. Data Sharing

We do not sell, rent, trade, or share your data with any third parties. Period.

5. Data Storage and Security

Your encrypted vault is stored on a server secured with HTTPS.
Authentication tokens are stored in Chrome's built-in chrome.storage API.
All communication between the extension and the server uses TLS encryption.

6. Your Rights

You may request deletion of your account and all associated encrypted data at any time by contacting us. Upon deletion, all stored ciphertext is permanently removed from our server.

7. Changes to This Policy

If we update this privacy policy, the revised version will be posted on this page with an updated effective date. Material changes will be communicated through the extension or via email.

8. Contact

If you have any questions or concerns about this privacy policy or the Dashpass extension, contact us at:

[email protected]