Privacy Policy

How Pass.fit protects your privacy and data

Last updated: December 2025

Our Privacy Commitment

Pass.fit is built with privacy as a core principle. We believe that password generation should be completely private and secure. This privacy policy explains how we handle (or don't handle) your data.

🔒 Key Privacy Fact: We never see, store, or transmit your generated passwords. All password generation happens entirely in your browser.

What We Don't Collect

  • Generated Passwords: Your passwords are created in your browser and never leave your device
  • Personal Information: We don't require accounts, names, emails, or personal details
  • Password History: We don't store any record of passwords you've generated
  • Usage Patterns: We don't track which types of passwords you prefer
  • IP Addresses: We don't log or store your IP address
  • Device Information: We don't collect device fingerprints or detailed browser information

What We Do Collect (Minimal Analytics)

We use Google Analytics to understand how people use our service, but in a privacy-focused way:

  • Page Views: Which pages are visited (without personal identification)
  • General Usage: How often the generator is used (not what passwords are generated)
  • Basic Demographics: General location (country level) and browser type
  • Performance Data: Loading times and errors to improve the service

Important: Even this limited data cannot be used to identify you personally or recover any passwords you've generated.

How Our Technology Ensures Privacy

Client-Side Generation

All password generation happens in your browser using JavaScript. The cryptographic random number generation uses your browser's built-in crypto.getRandomValues() function.

No Server Communication

When you generate a password, no data is sent to our servers. The entire process happens locally on your device.

No Cookies for Passwords

We don't use cookies to store password preferences or history. Any settings are stored only in your browser's local memory during your session.

Third-Party Services

Google Analytics

We use Google Analytics for basic website analytics. This service may set cookies to track general usage patterns. You can opt out using browser settings or Google's opt-out tools.

CDN Services

We use content delivery networks (CDNs) to serve JavaScript libraries (like Tailwind CSS) faster. These services don't have access to your generated passwords.

Hosting Provider

Our website is hosted on Netlify. Standard web server logs may be collected by the hosting provider, but these don't contain password data.

Your Rights and Choices

  • Opt-out of Analytics: Use browser settings or ad blockers to disable Google Analytics
  • Clear Data: Clear your browser's cache and cookies to remove any stored preferences
  • Use Offline: Save our website locally and use it offline for maximum privacy
  • Source Code: Review our open-source code to verify our privacy claims

Data Security

Since we don't collect or store sensitive data, there's minimal risk to your privacy. However, we still implement security best practices:

  • HTTPS Encryption: All communication with our website is encrypted
  • Secure Headers: We implement security headers to prevent common attacks
  • Regular Updates: We keep our systems and dependencies updated
  • No Database: We don't maintain databases that could be compromised

Changes to This Policy

We may update this privacy policy occasionally to reflect changes in our practices or for legal reasons. We'll update the "Last updated" date at the top of this page. Since we don't collect contact information, we can't notify you directly of changes, so please check this page periodically.