Privacy Policy

Google recently sent us a note requiring this page to be linked to our development account, though it is quite unnecessary because all our apps have their own specific Privacy Policy clearly written in their Help pages (look near the bottom). Still, here is a generic set of statements that are good for all our apps:

  • What information we collect from you: one word: NOTHING. All our apps run locally and do not connect to any server other than Google, and that minimally. We believe servers are evil.
  • Still, some of the apps (PassLok, SeeOnce, SynthPass, FusionKey) do store data in Chrome sync in order to provide a seamless experience as you change computers. This means that it gets sent to Google, which stores it somewhere we don't know. All potentially sensitive data sent to Chrome sync, however, is encrypted before syncing with a key that does not get synced or even stored locally, so Google cannot get the plain data even if they wanted to.
  • PassLok Privacy and FusionKey give users the option to post their Locks in a public General Directory, which we host. This has to be done manually by the user and is not required for the extension to run. Locks are safe to share, however, since they do not allow decryption, only encryption.
  • How we use that information: given that we collect nothing from you, it brings us closer to Nirvana. Ah, the peace!
  • In the case of data synced to Google, we don't believe they can do anything with it, either, since all sensitive information is encrypted before sending.
  • Concerning Locks posted on the General Directory, we don't do anything with them, or even look at them. Every six months, Locks get deleted if the person who posted them does not respond to a request sent by email.
  • What information we share: Locks voluntarily posted in the General Directory are shared to anyone who provides the email address associated with it. This is done as a service to our users so that others can send them secure information more easily. Locks are used to encrypt, not to decrypt, and so a third party having a user's Lock is still unable to decrypt any private information (which we don't host, anyway) meant for that user.
  • Besides that, only this one bit, and right here: if we catch anyone, including Google or any government, messing with our code to install backdoors or suchlike, we're going to hunt you down and beat you with a wet noodle until you ooze yellow blood.