Effective Date: [Waiting for browsers approval]
Privacy is important to us. At DontSpoof, we take your privacy very seriously and insist on providing the best possible service at all times. Our extension, DontSpoof Vault, has a Privacy Policy that explains what information it collects, how it uses it, and your rights regarding your data. This policy informs you about us and how we protect your privacy.
1. Overview
The DontSpoof Vault extension is designed to assist you in generating, storing, and sharing your passwords securely (and privately). Your data is stored locally on your device using strong encryption. We do not store or transmit any personal data or browsing activity to external servers.
2. Data Collection
The DontSpoof Vault extension does not collect personal data or send any information to third-party servers. Specifically:
- User Data: The information stored on your device includes saved passwords, usernames, site information, and shared passwords, all secured locally using industry-standard AES-GCM encryption.
- User ID: A unique User ID is generated locally on your device when you choose to share passwords securely. This ID is used for sharing between your device and other devices using Bitwarden. The User ID is not transmitted or shared externally.
- Master Password and Passphrase: Your master password and passphrase are never stored directly. Instead, a cryptographic hash of these inputs is saved, allowing us to verify your credentials during authentication.
3. Data Storage and Security
DontSpoof Vault saves all data to the browser’s local storage (chrome.storage.local
), which is sandboxed and isolated for your protection.
- Encryption: AES-GCM with a 256-bit key is used for encrypting your data. The key is derived using PBKDF2 (Password-Based Key Derivation Function 2) with a SHA-256 hash.
- Local Storage: All sensitive data is encrypted before being stored in the browser’s local storage. It is never accessible outside of the extension.
4. Data Sharing
The DontSpoof Vault extension allows you to securely share your saved passwords with others. Here’s how it works:
- Encryption: When you choose to share a password (e.g., copying it to the clipboard or pasting it into a message), the data is encrypted locally using AES-GCM before being copied or pasted.
- Recipient Verification: The shared password can only be decrypted by the recipient’s specific User ID combined with the shared passphrase.
- No External Transmission: The extension does not transmit passwords to any external servers. It’s your responsibility to share the encrypted message securely (e.g., via email or chat).
5. User Control and Data Deletion
Within the DontSpoof Vault extension, you have full control over your data. You can:
- View Saved Data: Access your saved passwords directly within the extension.
- Delete Data: Use the “Delete All Data” feature to remove all stored data, including passwords, User ID, and encrypted credentials.
- Reset Master Password: You can reset your master password and passphrase at any time, which will re-encrypt your data with the new credentials.
6. Permissions
The DontSpoof Vault extension requests minimal permissions:
- Storage Permission: The extension needs this permission to save your encrypted data locally on your device.
- We do not request access to your browsing history, cookies, or any other personal data.
7. Third-Party Services
The DontSpoof Vault extension does not use any third-party services, analytics, or tracking services. All data handling is fully performed on your device without external dependencies.
8. Privacy of Children
The DontSpoof Vault extension is not intended for use by individuals under the age of 13. We do not knowingly collect any personal information from children. If you believe a child has used our extension and provided personal data, please contact us at waqas@dontspoof.com, and we will promptly delete the data.
9. Changes to This Privacy Policy
This Privacy Policy may be updated from time to time. If we make significant changes, we will notify users on our website or in the extension update notes. We encourage you to periodically review this policy to ensure you are aware of how we protect your data.
Last Updated: [17-Nov-2024]
10. Contact Us
If you have any questions, concerns, or feedback regarding this Privacy Policy, please contact us at:
Email: Waqas@dontspoof.com