Privacy Policy

Last updated: August 1, 2025

The Short Version

We don't collect, store, or process any personal data. We can't see your passwords, we don't track you, and we don't want your information. This policy exists because platforms require it, not because we actually collect anything.

What We Don't Collect

  • Personal Information: No names, emails, phone numbers, or addresses
  • Usage Data: No analytics, telemetry, or behavioral tracking
  • Device Information: No device IDs, operating system details, or hardware specs
  • Location Data: No GPS coordinates, IP addresses, or geographic information
  • Passwords or Vault Data: Your vault is encrypted locally and we cannot decrypt it
  • Cookies or Tracking: No cookies, web beacons, or tracking pixels

How UPass Works

UPass is designed with zero-knowledge architecture. Your master password never leaves your device. All encryption and decryption happens locally on your device. When you sync your vault:

  • Your vault is encrypted on your device before transmission
  • Only encrypted blobs are stored on the server
  • The server cannot decrypt your data without your master password
  • We cannot recover your data if you forget your master password

Server Logs

Our servers may maintain minimal technical logs for operational purposes (error debugging, system monitoring). These logs do not contain personal information and are automatically purged. If you self-host UPass, you control all logging.

Third-Party Services

UPass does not integrate with third-party analytics, advertising, or tracking services. The only external connections are:

  • Your chosen UPass server (which you can self-host)
  • Font loading from Google Fonts (website only)
  • GitHub for source code and releases

Data Retention

Since we don't collect personal data, there's nothing to retain. Your encrypted vault remains on the server until you delete it. You can export your data and delete your account at any time through the application.

Your Rights

Because we don't collect personal data, traditional privacy rights (access, rectification, erasure) don't apply in the usual sense. However:

  • You can export your vault data at any time
  • You can delete your vault from our servers
  • You can self-host UPass for complete control
  • All source code is open and auditable

Children's Privacy

UPass does not collect personal information from anyone, including children under 13. Parents and guardians should supervise their children's use of applications and ensure their safety.

International Users

UPass is available worldwide. Since we don't collect personal data, GDPR, CCPA, and other privacy regulations don't apply in the traditional sense. However, our zero-knowledge approach exceeds the privacy protections required by these laws.

Changes to This Policy

If we ever change our approach to privacy (which would contradict our core principles), we will update this policy and notify users through our GitHub repository. The open-source nature of UPass ensures any changes are transparent and auditable.

Contact

For questions about this privacy policy or UPass in general, please email [email protected]

Our Commitment

UPass exists to protect your privacy, not to monetize it. This policy reflects our technical reality: we've designed our system so that we cannot collect your personal data even if we wanted to. Your digital privacy is not for sale.