Privacy Policy

Last updated: May 27, 2026

Overview

mypass is a self-hosted, single-user password manager. It is designed so that no one other than you — including the developer — can access your data. This privacy policy explains what data mypass handles and how.

Data We Collect

We do not collect any personal data. mypass does not have user accounts, analytics, telemetry, crash reporting, or advertising. There is no server-side component that processes your information.

Data Stored on Your Device

mypass stores the following data locally on your device:

Encrypted vault cache: A local copy of your encrypted vault for offline access.
Device wrap key: A random encryption key stored in your operating system's secure keychain (Android Keystore, iOS Keychain, or OS equivalent), protected by biometric authentication or PIN.
Application preferences: Non-sensitive settings such as theme and layout choices.

Your master password is never stored. It is held in memory only while the vault is unlocked and is discarded when you lock the app or it exits.

Data Stored Remotely

mypass syncs your vault to a cloud storage provider that you configure and control. Two objects are stored:

vault.enc: Your vault data, encrypted with XChaCha20-Poly1305 using a 256-bit data key. The storage backend cannot read this data.
meta.json: Unencrypted metadata containing your Argon2id parameters (memory cost, time cost, parallelism) and a random salt. This file contains no secrets and no vault contents.

The storage is yours. The developer has no access to it. mypass communicates directly with your storage provider using credentials you provide.

Third-Party Services

mypass does not integrate with any third-party analytics, advertising, or tracking services. The only network communication is between your device and your chosen storage provider.

Data Sharing

We do not share any data with third parties. We have no data to share — the application is fully client-side and we do not operate any servers that handle your information.

Children's Privacy

mypass is not directed at children under 13. We do not knowingly collect any personal information from children.

Changes to This Policy

If this policy changes, the updated version will be posted at this URL with a new "Last updated" date. Since mypass collects no data, changes are unlikely to be material.

Contact

If you have questions about this privacy policy, contact: [email protected]