Privacy Policy

Introduction

VaultPlus ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we handle your information when you use our password management application.

Data Storage and Security

VaultPlus is designed with privacy as a core principle. Here's how we handle your data:

• Local Storage: All your passwords and sensitive data are encrypted and stored locally in your browser's IndexedDB. We do not have access to your data.
• End-to-End Encryption: Your vault is encrypted with your master password using industry-standard encryption (AES-256). Only you can decrypt your data.
• No Server Storage: We do not store your passwords, master password, or any sensitive information on our servers. Everything stays on your device.
• Master Password: Your master password is never transmitted or stored anywhere. It exists only in your device's memory while the app is unlocked.

Google Drive Integration

If you choose to use Google Drive backup functionality:

• Encrypted Backups: All backups uploaded to Google Drive are encrypted with your master password before leaving your device.
• Limited Access: VaultPlus only requests access to files it creates (using the "drive.file" scope). We cannot access any other files in your Google Drive.
• OAuth Token: Your Google Drive access token is stored locally in your browser and expires after 1 hour. We do not store this token on any server.
• Optional Feature: Google Drive backup is completely optional. You can use VaultPlus without connecting to Google Drive.

Information We Collect

VaultPlus collects minimal information:

• Account Information: Your email address and name (stored locally in your browser).
• Usage Data: We do not collect analytics, telemetry, or usage data.
• No Tracking: We do not use cookies, tracking pixels, or third-party analytics.

Data Sharing

We do not share, sell, rent, or trade your information with third parties. Your data is yours alone. The only time your encrypted data leaves your device is when you explicitly choose to back it up to your own Google Drive account.

Your Rights

You have complete control over your data:

• Access: You can export your vault at any time from the app.
• Deletion: You can delete your account and all associated data from the Settings page.
• Portability: You can export your passwords in CSV format for use in other password managers.

Security Measures

We implement several security measures:

• AES-256 encryption for all sensitive data
• PBKDF2 key derivation for your master password
• Automatic session timeout to protect against unauthorized access
• Optional PIN code for quick unlocking
• No server-side data storage to eliminate server-side vulnerabilities

Third-Party Services

VaultPlus may integrate with the following third-party services:

• Google Drive: Optional backup storage. Subject to Google's Privacy Policy.

We do not share your unencrypted data with any third-party service.

Children's Privacy

VaultPlus is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Open Source

VaultPlus is open source. You can review our code to verify our privacy claims and security practices.

Contact Us

If you have any questions about this Privacy Policy, please contact us through our GitHub repository.