Privacy Policy

Last updated: December 21, 2023

1. Introduction

MePassword ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use our password management service. As an open-source project, we believe in transparency and community-driven development.

2. Data Storage and Location

Our data storage is strictly segregated:

Windows Hello Storage:

  • Private Key
  • AES Key
  • Initialization Vector (IV)
  • User Credentials (encrypted)

Browser Storage:

  • Session settings (auto-lock time, session duration)
  • Biometric verification preferences
  • Session timestamps
  • Lock-on-leave preferences

Server Storage (Encrypted):

  • Website URLs (encrypted)
  • Usernames (encrypted)
  • Passwords (encrypted)
  • Non-sensitive metadata (last update time, owner email)

3. Chrome Extension Permissions

Our extension requires minimal permissions:

  • Storage: For session settings and encryption keys only
  • Active Tab: Required for auto-fill functionality
  • Identity: For secure user authentication

4. Security Measures

Our security implementation includes:

  • RSA-OAEP encryption (4096-bit) for asymmetric encryption
  • AES-GCM (256-bit) for symmetric encryption
  • Windows Hello biometric authentication integration
  • Automatic session management with configurable timeouts
  • Device-specific security tracking

5. Device Information

We collect the following device information for security purposes:

  • Device ID
  • Browser type
  • Operating system
  • Last active timestamp
  • Session status

This information is used solely for security monitoring and ensuring secure access to your account.

6. Data Encryption

All sensitive data (website URLs, usernames, and passwords) are encrypted before transmission and storage. The encryption keys are securely stored using Windows Hello when biometric authentication is enabled, ensuring that only you can access your data.

7. Your Rights and Control

You have complete control over:

  • Session duration settings (up to your configured limit)
  • Auto-lock timing preferences
  • Biometric authentication settings
  • Lock-on-leave functionality
  • Access to your encrypted data

8. Open Source Commitment

MePassword is an open-source project, meaning:

  • Our source code is publicly available for review
  • Security researchers can verify our encryption implementations
  • Community contributions are welcome
  • All security measures are transparent and auditable

9. Changes to This Policy

We will notify users of any material changes to this privacy policy through the extension interface. Continued use of the extension after such modifications constitutes acceptance of the updated policy.

10. Contact Information

For any questions or concerns about this Privacy Policy, you can:

  • Email us at mouad.mennioui3@gmail.com
  • Create an issue on our GitHub repository
  • Join our community discussions