Legal

Privacy Policy

Effective: June 2025 Last updated: June 2025 passwxrd v1.0+
🔒
Passwords collected
None. Ever.
📡
Data sent to servers
Zero
📊
Analytics / telemetry
None
🍪
Cookies (app)
None
🌐
Network requests
1 — version check only
💾
Local storage
%LOCALAPPDATA%\passwxrd
The short version: passwxrd is a local app. It never sees your passwords, never phones home with your data, and has no backend that stores anything about you. The only network request it ever makes is checking a version number — nothing personal is involved.
01 —

Overview

passwxrd ("we", "our", or "the Software") is a free, local Windows desktop application. This Privacy Policy explains what information the Software and this website handle, how it is used, and your rights regarding it.

Because passwxrd operates entirely on your local device, the privacy story is simple: we do not collect, transmit, or have access to your passwords or personal data. This policy exists to be transparent about the small amount of activity that does occur.

02 —

Data We Collect

From the desktop application: None. passwxrd collects no data from users through the application itself. No usage statistics, no crash reports, no identifiers, no telemetry of any kind.

From this website (passwxrd.com): If you submit the contact form, we receive your name, email address, and message. This is used solely to respond to your enquiry and is not shared with third parties or used for marketing.

Our web server logs standard HTTP request data (IP address, timestamp, URL path, user agent) for security and uptime monitoring purposes. These logs are not linked to any personal profile and are periodically purged.

03 —

What We Don't Collect

To be explicit, passwxrd does not collect:

  • Your passwords, credentials, or any browser database contents
  • Your master password or any hash of it (stored locally only, never transmitted)
  • Your Windows Hello biometric data (processed entirely by Windows, not by us)
  • Your device name, username, or hardware identifiers
  • Usage patterns, feature interactions, or session data
  • Crash reports or error logs (errors are written locally to error.log only)
  • Your IP address or location via the application
04 —

Local Files Created by passwxrd

passwxrd creates and manages files in %LOCALAPPDATA%\passwxrd\ on your device. These files are entirely under your control and are never transmitted anywhere. They include:

  • Master password hash — an HMAC-SHA256 hash of your master password. The plaintext password is never stored.
  • Settings file — app preferences such as auto-lock timeout and auto-start.
  • Backups — snapshots of browser credential databases created before edits, stored in \backups\.
  • Exports — any CSV or JSON files you explicitly export, stored in \exports\.
  • error.log — a local crash log written only if the application encounters an unhandled exception. Never transmitted.
You are in full control. You can delete the entire %LOCALAPPDATA%\passwxrd\ folder at any time to remove all traces of the app. Doing so does not affect your browser passwords.
05 —

Network Activity

passwxrd makes exactly one type of outbound network request:

  • Version check — on startup, the app fetches passwxrd.com/version.txt, a plain-text file containing the latest version number (e.g. 1.0.0). The request includes a User-Agent header of the form passwxrd/1.0.0. No personal data, credentials, or identifiers are included.

If no update is available, no further network activity occurs. If an update is available and you choose to download it, the new .exe is fetched from passwxrd.com/download/passwxrd.exe. Again, no personal data is transmitted.

The version check can be effectively disabled by blocking passwxrd.com in your firewall or hosts file — the app will continue to function normally without it.

06 —

This Website

The passwxrd.com website is a static site. We do not use:

  • Advertising networks or tracking pixels
  • Third-party analytics (Google Analytics, Mixpanel, etc.)
  • Session cookies or persistent cookies of any kind
  • Social media embeds or share buttons that track visitors

Google Fonts are loaded from fonts.googleapis.com for typography. This means Google's servers receive your IP address as part of the font request. If you prefer to avoid this, you can block Google Fonts via a browser extension — the site remains fully readable with system fallback fonts.

07 —

Third-Party Services

passwxrd.com is hosted on PebbleHost infrastructure and delivered through Cloudflare's network. Cloudflare may process connection metadata (IP addresses, request headers) as part of its DDoS protection and CDN services. Please refer to Cloudflare's Privacy Policy for details on how they handle this data.

No third-party services have access to the contents of any contact form submissions beyond our own email inbox.

08 —

Children's Privacy

passwxrd is not directed at children under the age of 13. We do not knowingly collect any information from children. If you believe a child has submitted personal information through our contact form, please contact us and we will delete it promptly.

09 —

Security

The security of your data is, by design, entirely in your hands. Because passwxrd never transmits your credentials, there is no server-side database to breach, no cloud storage to compromise, and no account to take over.

Your passwords are protected by Windows DPAPI encryption at the browser level, plus passwxrd's own master password layer (HMAC-SHA256). Windows Hello adds a hardware-backed biometric gate on top.

For website contact form data, our server uses HTTPS (TLS via Cloudflare) for all connections.

10 —

Your Rights

Since we hold virtually no personal data about application users, there is very little to exercise rights over. However:

  • Application data — all data is stored locally on your device. You can delete it at any time by removing %LOCALAPPDATA%\passwxrd\.
  • Contact form data — if you have submitted a message via our contact form and wish to have it deleted, email us and we will remove it.
  • Server logs — standard web server logs (IP, timestamp, path) are retained briefly for security purposes and then purged. These are not linked to any identity.

If you are located in the European Economic Area (EEA) or the UK, you may have additional rights under GDPR or UK GDPR including the right to access, rectify, or erase personal data we hold about you. Contact us to exercise these rights.

11 —

Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any changes. We will not notify users individually of updates.

Given the nature of passwxrd — a local app with no user accounts — material changes to this policy are unlikely. If we ever add features that change how data is handled, this policy will be updated before those features ship.

12 —

Contact

Questions, concerns, or requests regarding this Privacy Policy:

Privacy questions?

We're happy to explain anything. Drop us a message.

✉️  hello@passwxrd.com