Privacy Policy

Last updated: February 16, 2025

TL;DR: We use true zero-knowledge architecture. Your passwords are generated locally using the Web Crypto API and never leave your browser. We literally cannot see them because they're never transmitted to us.

1) What This Policy Covers

GetPassnow is a browser-based password generator built with privacy by design. This policy explains our data practices, which are intentionally minimal.

2) Zero-Knowledge Architecture

GetPassnow implements true zero-knowledge architecture:

  • No transmission: Generated passwords never leave your browser
  • No storage: We don't have a database to store passwords in
  • No accounts: No registration means no personal data collection
  • No tracking: We don't use analytics or tracking scripts

Unlike services that "encrypt" your passwords before sending them to servers, we never receive them in the first place.

3) Technical Implementation

GetPassnow uses the Web Crypto API (specifically crypto.getRandomValues()) to generate cryptographically secure random values. This is the same technology used by:

  • Banking applications for encryption key generation
  • Password managers like Bitwarden and 1Password
  • Operating systems for cryptographic operations
  • Security-critical applications worldwide

All password generation happens entirely client-side in your browser. The generated passwords exist only in your browser's memory and clipboard.

4) Data We Do NOT Collect

  • Generated passwords (they never reach our servers)
  • Personal information (name, email, phone, etc.)
  • User accounts or profiles
  • Browsing behavior or analytics
  • Device fingerprints
  • IP addresses for tracking purposes

5) Data We May Process

When you load our website, standard web server logs may temporarily record:

  • IP address (for security and DDoS protection)
  • User agent (browser type and version)
  • Access timestamp
  • Requested URL

These logs are automatically rotated and deleted within 7 days, never linked to any user profile, and used only for security monitoring.

6) Local Storage & Cookies

What we store locally: Theme preference (light/dark mode) in browser localStorage

What we DON'T store: No tracking cookies, no advertising cookies, no third-party cookies, no generated passwords

7) Compliance

GetPassnow is designed with GDPR and CCPA principles in mind:

  • Data minimization: We collect only what's absolutely necessary
  • Purpose limitation: Data is used only for stated purposes
  • Storage limitation: Logs are deleted within 7 days
  • Right to be forgotten: No personal data means nothing to delete

8) Security Measures

  • HTTPS only: All traffic is encrypted in transit
  • Client-side generation: Passwords never traverse the network
  • No database: Can't be breached if it doesn't exist
  • Static site: No server-side vulnerabilities

9) Changes to This Policy

We may update this policy as the project evolves. Material updates will be reflected with a new "Last updated" date.

Bottom line: We built GetPassnow with privacy as the foundation. We can't compromise your privacy even if we wanted to, because we never receive your data in the first place. That's zero-knowledge done right.