Absolutely. A clear, professional English Privacy Policy is mandatory for the Chrome Web Store.
Here is the final, polished, and policy-compliant English Privacy Policy for SecuraKey: Password Manager & 2FA Autofill.
Version 1.0 – 2025-11-30
This document describes how the SecuraKey Chrome extension collects, uses, stores, and protects user data. This policy is written to satisfy Chrome Web Store requirements and to provide users with full transparency regarding their security.
SecuraKey is a client-side only password manager. Our fundamental architecture is built on Zero-Knowledge and End-to-End Encryption (E2EE) principles. All sensitive data is encrypted and kept locally within your browser's secure storage; no unencrypted information is ever sent to external servers.
We adhere to a strict policy of data minimization. The only data collected and stored is essential for the core function of the extension.
Data Category
Collected Items
Where It Is Stored
Security & Privacy Disclosure
Master Password
Never stored. Only used in-memory to derive a cryptographic encryption key.
In RAM during the unlocked session only.
We cannot retrieve your data if you forget your Master Password.
Vault Entries
Site domain, username, password (encrypted).
chrome.storage.local (local, encrypted, isolated storage).
The vault is inaccessible to us or any third party.
User Settings
Auto-lock timeout, UI preferences.
chrome.storage.local.
Used solely to personalize the extension experience.
Browser Information
Browser name, version.
Not persisted; used only for UI compatibility.
No other personal information (e-mail, location, browsing history) is collected.
We utilize industry-leading cryptographic standards:
Encryption Algorithm: AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode), generated via the Web Crypto API.
Key Derivation Function (KDF): PBKDF2 (Password-Based Key Derivation Function 2) is used with a minimum of 100,000 iterations, a 128-bit random salt, and SHA-256 to ensure the Master Password cannot be brute-forced.
Initialization Vector (IV): A 96-bit random IV is generated for each encryption operation, ensuring each entry is uniquely protected.
Local Storage Isolation: Data is stored in chrome.storage.local, which is sandboxed and inaccessible to other extensions or websites.
We only request the permissions necessary to provide the Password Manager functionality, strictly following the Chrome Web Store policy guidelines.
Permission
Reason for Request
storage
Required to store the encrypted vault and user settings locally on your device.
activeTab
Needed to detect the current URL and display the stored credentials relevant to the active site when the extension is opened.
scripting
Necessary to inject content.js into the page to securely fill login fields upon user request (Autofill).
tabs
Used to communicate messages between extension components (Popup, Background) and the active tab for Autofill actions.
<all_urls> (Host Permission)
Essential to allow the content script to run on any website where a login form might appear, enabling universal Autofill functionality.
None. All data remains exclusively on the user's device. The extension does not transmit any information—encrypted or otherwise—to external servers, APIs, or third-party services.
Action
How to Perform It
Delete the entire vault
Open Settings → Clear Vault/Data option, or manually clear the vault from chrome.storage.local.
Change Master Password
Settings → "Change Master Password". The entire vault is re-encrypted with the new key.
Export vault
Settings → "Export Vault" downloads a file containing the encrypted entries for safe backup.
Data Inquiries
Contact us via the provided email address for any privacy-related questions or data-deletion requests.
We may update this policy to reflect changes in legal, technical, or functional requirements. Significant updates will be communicated via a notice within the extension's Settings page or through the Chrome Web Store listing.
For questions regarding this policy or data security:
Purpose
Contact
General Support / Privacy Questions
[Insert Contact Email Here, e.g., onemiccar@gmail.com ]
Security Vulnerability Reports
[Insert Dedicated Security Email Here, e.g., miccartone@gmail.com]
By using SecuraKey, you acknowledge that you have read and understood this Privacy Policy.