Privacy Vault

All data stays on your device. Exported files are encrypted and can only be opened with your master password.

Privacy Policy

Last updated:

TL;DR: We collect nothing. Your passwords never leave your device. This policy exists to document that commitment.

1. Introduction

Privacy Vault (“we”, “our”, “the Service”) is operated by net2coder. This Privacy Policy explains how we handle information when you use Privacy Vault. It is short because there is very little to say: we collect no personal data.

2. No Data Collection

We do not collect, process, store, or transmit:

  • Your name, email, or any personally identifying information
  • Your passwords or vault contents (these never leave your browser)
  • Your master password or any encryption keys
  • Usage analytics, behavioral tracking, or session data
  • IP addresses beyond those inherent in standard web hosting
  • Cookies for tracking purposes

3. How the Service Works (Technical)

Privacy Vault is a static web application. When you visit, your browser downloads HTML, CSS, and JavaScript files from our hosting provider. All subsequent operations : password generation, encryption, decryption, and vault storage : happen exclusively within your browser using:

  • Web Crypto API: AES-GCM 256-bit encryption with PBKDF2 key derivation, all executed natively in the browser.
  • IndexedDB: Your browser's local database. Vault data is stored here, encrypted, on your device only.
  • No network requests: After the initial page load, no data is sent to any server.

4. Local Storage & Cookies

Privacy Vault uses your browser's IndexedDB to store your encrypted vault locally on your device. This is not a tracking cookie : it is your encrypted data that only you can access with your master password.

We may use localStorage for non-sensitive UI preferences (such as theme preference). No personal data is stored there.

5. Hosting Provider

The Service is hosted by a third-party hosting provider. Standard server logs (IP address, user agent, request path, timestamp) may be retained by the hosting provider for infrastructure and security purposes, subject to their privacy policy. We do not access or process these logs for any purpose related to tracking individual users.

6. Third-Party Services

Privacy Vault does not integrate with any third-party analytics, advertising, identity, or tracking services. There are no third-party scripts loaded that could monitor your behavior.

7. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect data from children. Since we collect no data from anyone, this is trivially satisfied.

8. Your Rights (GDPR / CCPA)

Since we hold no personal data about you, the standard rights (access, erasure, portability, objection) apply trivially : there is nothing to access, erase, or port on our end. Your vault data exists only on your device and is under your sole control.

If you want to “delete” your data, clear your browser's IndexedDB for this site via your browser's developer tools or site data settings.

9. Data Security

All vault data is encrypted with AES-GCM before being written to IndexedDB. The encryption key is derived from your master password using PBKDF2 with SHA-256 and a random salt. This means even if someone gained access to your device's IndexedDB, they could not read your passwords without your master password.

10. Changes to this Policy

We may update this policy. Changes will be reflected in the “Last updated” date. Since we collect no data, changes to this policy are unlikely to affect your privacy in any material way.

11. Contact

Questions about this policy? Reach us via net2coder.in or open an issue on our GitHub repository.