PassStore — Privacy Policy

Last updated: March 2026

         Short version: PassStore stores all your data locally
         on your device, encrypted. We collect nothing. We have no servers.
         Even the developers cannot access your data.
      

Overview

PassStore is a privacy-first, offline-first password manager. All data is stored locally on your device using strong encryption. PassStore does not use cloud servers, user accounts, or remote databases. When optional features like Desktop Sync are enabled, data travels only over your local Wi-Fi network and is end-to-end encrypted — it never reaches the internet.

Data We Collect

None. PassStore does not collect, store, or transmit any personal data to external servers. There are no analytics, no crash reporting, and no third-party SDKs that phone home. PassStore is designed so that even the developers cannot access your data.

Data Stored on Your Device

All passwords, card details, and notes you enter are stored locally on your device only, encrypted using AES-256 via the device's secure storage. Encryption keys are secured using device-level secure storage mechanisms (iOS Keychain / Android Keystore). This data never leaves your device unless you explicitly use the Export or Desktop Sync features.

Biometric Authentication

PassStore uses Face ID / fingerprint / device PIN to unlock the app. Biometric data is handled entirely by your device's operating system and is never accessible to PassStore.

System Autofill (iOS & Android)

PassStore can act as your device's system autofill provider, allowing you to fill passwords directly into apps and browsers. This functionality operates entirely on-device and does not transmit any data externally.

iOS: Uses the iOS Credential Provider Extension. Credentials are shared between the app and the extension through a secure, sandboxed App Group on your device.
Android: Uses the Android AutofillService framework. Credentials are provided on demand when a login form is detected.

All autofill data stays on your device. No credentials are sent to any server.

Card Scanning (Camera & OCR)

PassStore can use your device camera to scan credit or debit cards. The card image is processed entirely on-device using local OCR to extract the card number, expiry date, and cardholder name. No images or extracted data are transmitted off your device. The camera is only activated when you explicitly open the card scanner.

Financial Data

PassStore may store financial information such as credit and debit card details locally on your device. This data is encrypted using AES-256 and is never shared, uploaded, or transmitted to any server or third party.

Desktop Sync & Browser Extension

PassStore offers an optional Desktop Sync feature that lets you autofill passwords on your desktop browser using the PassStore browser extension.

Communication happens only over your local Wi-Fi network (LAN) — no data is sent over the internet.
All messages are AES-256 encrypted end-to-end using a key established during pairing (via QR code or 6-digit code).
Each credential request requires explicit approval on your phone (unless you temporarily trust the device for that domain, up to 1 hour).
Credentials are held in memory only on the desktop and are never written to disk by the browser extension.
Connection details stored by the extension (device IP, pairing key, timestamp) are cleared when you disconnect or uninstall.

Backup & Export

When you use the Export feature, an encrypted backup file is created and shared via your device's native share sheet. You control where it goes. PassStore does not receive or store a copy.

Data Deletion

You can delete all stored data at any time directly from within the app. Since no data is stored on external servers, deletion is immediate and permanent. Uninstalling the app removes all locally stored data from your device.

Permissions Explained

Permission	Why It's Needed
Camera	Scan credit/debit cards to extract card details via on-device OCR
Biometrics	Authenticate you via Face ID, fingerprint, or device PIN
Local Network / Wi-Fi State	Enable Desktop Sync to communicate with the browser extension over your LAN
Internet	Required by the OS for local network socket communication (no external connections are made)

Clipboard

When you copy a password or card number, it is placed in your device clipboard. PassStore does not log or transmit copied content.

Third-Party Services

PassStore uses no third-party services, analytics, tracking, advertising SDKs, or telemetry — in both the mobile app and the browser extension. Your data is never sold or shared with any third party.

Security

PassStore is designed with security as a core principle:

All sensitive data is encrypted using AES-256 before being stored.
Encryption keys are stored using device-level secure storage (iOS Keychain / Android Keystore).
Desktop Sync uses end-to-end encryption over your local network.
No data ever transits the internet.
PassStore's architecture ensures that even the developers have no ability to access your stored data.

Children's Privacy

PassStore does not knowingly collect information from children under 13.

Changes to This Policy

Updates to this policy will be posted on this page with a revised date. Continued use of the app after changes constitutes acceptance.

Contact

Questions? Email: dontag.np1999@email.com