1. Introduction
This policy describes how the Secure Password Vault Chrome extension and website (securepasswordvault.site) handle information. The project is developed by Arham Ikhlaq, Asad Abbas, and Murtajiz Ali Khan, supervised by Dr. Zain Ul Abadin.
2. Extension โ what we collect
We do not collect vault data on any server. Encrypted passwords and your master-password verification token remain on your device in Chrome local storage.
3. Breach checking (Have I Been Pwned)
When enabled by your action (adding/editing a password), the extension contacts
api.pwnedpasswords.com using k-anonymity. Only a partial password hash prefix
is transmitted โ never your full password in the request.
4. Website
This marketing site is static HTML. It does not access your vault. Contact form submissions are handled locally in the demo; connect to your email provider when deploying to production.
5. Your control
- Uninstall the extension to remove local data (or use in-extension vault reset).
- Do not use breached passwords โ the extension warns you before save.
- Keep your master password confidential and unique.
6. Contact
Privacy questions: contact@securepasswordvault.site