Legal Documentation

We believe your data absolutely belongs to you. Here is how we enforce that.

Privacy Policy for SecurePass

Effective Date: March 15, 2026

Welcome to SecurePass ("we," "us," or "our"). We deeply respect your privacy and are committed to protecting your personal data. This Privacy Policy explains our practices regarding the collection, use, disclosure, and protection of your information when you use the SecurePass mobile application and website (collectively, the "Services").

SecurePass is designed as a strictly local-first, privacy-respecting password manager. Our core philosophy is that your data belongs entirely to you. We operate no centralized backend servers and the application functions entirely offline, with network access used exclusively for optional cloud synchronization via your personal Google Drive for vault backups.

By using SecurePass, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

A. Information You Provide to Us

SecurePass operates directly on your device. We do not have user accounts, sign-ups, or login functionality on any servers controlled by us.

  • Account Information: There is no account creation within SecurePass itself. You interact only with your locally encrypted vault. We do NOT collect, store, or transmit your email address, name, or Master Password to our own infrastructure.
  • Vault Data: All your passwords, cards, secure notes, and other credentials are encrypted locally on your device using strong encryption (AES-256-GCM / SQLCipher). We never have access to this raw data or your Master Password.

B. Information Received from Third Parties (Google APIs)

The only network activity SecurePass performs is if you explicitly utilize our Cloud Sync feature using Google Drive:

  • Authentication: We use Google OAuth solely to request your permission to access your Google Drive. We do not use this to create an account on our systems.
  • Storage Access: We request access to a hidden, application-specific folder in your Google Drive (https://www.googleapis.com/auth/drive.appdata).
  • Data Transferred: We only upload and download your heavily encrypted vault backup. We cannot read the contents of this backup, nor do we track its transmission. It flows directly between your device and Google's servers.
  • Google API Services User Data Policy: SecurePass's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

C. No Analytics or Trackers

SecurePass does not include third-party analytics trackers, crash reporting SDKs (like Crashlytics), or marketing telemetry. The application is completely silent on the network unless it is actively syncing to your personal Google Drive.

2. How We Use Your Information

Since we do not collect your personal information on our servers, we do not use it.

  • Your encrypted data remains strictly on your device or in your personal Google Drive.
  • Authentication with Google is strictly to facilitate the transfer of your encrypted backups to your own storage.

We do not use your information, including data received from Google APIs, for advertising, marketing, profiling, analytics, or selling to third parties.

3. Third-Party Services

Because there is zero network activity beyond Google Drive Sync, our third-party integrations are strictly limited:

  • Google Drive API: Used for optional cloud backup of encrypted vaults directly to your personal Google Drive. (Privacy Policy)
  • Google Play Services: If you download the app from the Google Play Store, standard Google Play Services relating to app distribution and device functionality apply. (Privacy Policy)

4. Biometric Authentication

SecurePass may utilize your device's built-in biometric authentication methods (such as Touch ID, Face ID, or Android Fingerprint) for unlocking the app locally.

  • Biometric data is stored natively and securely in your device's Secure Enclave or Keystore.
  • We do not collect, store, transmit, or have access to your biometric data. The authentication is handled entirely by your operating system, offline.

5. Data Retention and Deletion

Because we do not store your data on our servers, you are in full control of data retention and deletion.

Data Retention

  • Local Data: Your encrypted vault data remains on your device until you uninstall the app or clear its data.
  • Cloud Backups: Your encrypted backups stored on Google Drive remain there until you manually delete them.

Data Deletion Policy

You have the right to request and execute the deletion of your data at any time:

  • To delete your local vault data: Simply uninstall the SecurePass app from your device, or clear the app's storage data in your device settings.
  • To delete your Google Drive backups: Go to your Google Account settings -> "Security" -> "Third-party apps with account access" -> find SecurePass and select "Remove Access". To delete the hidden backup file itself, go to Google Drive settings -> "Manage Apps", find SecurePass, and select "Disconnect from Drive" and "Delete hidden app data."

Since we have no accounts and no servers, there is no Account Deletion process required on our end. Contacting us is not necessary to delete your data, as you alone possess and control it.

6. Security of Your Data

We prioritize the security of your data through strict technical measures:

  • Zero-Knowledge Architecture: We use end-to-end encryption. Only you hold the decryption key (your Master Password). If you lose your Master Password, your data cannot be recovered by us or anyone else.
  • Zero-Server Footprint: By not maintaining servers for user data, we eliminate common vectors for mass data breaches.
  • Data transmitted to Google Drive for syncing is protected using industry-standard TLS/SSL encryption provided by the device's operating system.

7. Children's Privacy

Our Services do not address anyone under the age of 13. We do not collect personally identifiable information from anyone on our own infrastructure, including children.

8. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this policy. You are advised to review this Privacy Policy periodically for any changes.

9. Contact Us

If you have any questions, concerns, or suggestions regarding this Privacy Policy or our zero-trust architecture, please contact us at:

Email: privacy@securepass.app
Website: www.securepass.app/privacy