The MindYourPass on-the-fly Password Generator is a cybersecurity solution that gives you the strongest passwords possible without ever storing them. It is using a patented technology that allows you to use a single, easy-to-remember password for all your accounts, which MindYourPass uses to generate distinct, extremely strong passwords for each of your accounts. MindYourPass calculates your passwords on-the-fly. This means that it can recalculate your password when you need it. Because of this, the generated passwords do not need to be stored in something like a password vault.

MindYourPass is Privacy-by-Design. It means that we take all possible effort to not store or process any privacy-sensitive information. What we don't have, we cannot breach. In the MindYourPass'FireFox Extension Privacy Policy below we describe how we realize this.

MindYourPass'FireFox Extension Privacy Policy

OUR USERS ARE ANONYMOUS
MindYourPass is designed in such a way that you are anonymous. We don't know you and we like to keep it that way ;-) When we need to communicate with you, we ask for your consent by asking for your email address. When we're done we forget your email address. This way we cannot track you and we are proud of that.

The only exception is that we keep a list of email addresses of registered users. We cannot connect these email addresses to actual accounts. The only reason we record them is to be able to contact our users in case of an incident.

THE DATA WE COLLECT

All data that we collect (as described below) is essential for the correct operation of the MindYourPass Password Generator. In other words, without any of the items described below, the product cannot work in a secure and correct manner. Therefore, the user cannot opt-our individual items, other than opting out all of them by not creating an account. By creating a MindYourPass account and accepting our privacy policy the user is giving his consent for this.

FOR REGISTRATION

Email address. In order to use the MindYourPass password generator, you need a MindYourPass account. During the registration process, we ask for your email address. The e-mail address is used to validate that you own the email address. As indicated, we store the email address in order to be able to contact you in case of an incident. Your account and the collection of email addresses are disconnected. This means that we cannot find your account given an email address, or find your email address given your account.

Master password. We also ask you to enter a master password. This password is not stored. Also not in hashed or encrypted form. It is your proof to the system that you are you.

Device identifier. We generate a device identifier based on the hardware profile of your device. We do not store the identifier itself but a derivation that cannot be tracked back to the identifier. We use device identifiers to ensure that we only handle password generation requests from devices that you authorized.

Additional information. We do not collect other information, such as names, phone numbers, physical addresses or IP-addresses

FOR NORMAL USE
Personal information. MIndYourPass users are anonymous. When signing into MindYourPass you provide a valid email address and your master password. These are not stored and cannot be used to identify you. They are used to derive an anonymous registration id. Passwords are generated based on this anonymous registration id. Generated passwords are not stored and not available on our servers because they are partly generated on your device. URLs are stored as part of the generation process. User names are synced and end-to-end encrypted across devices. The encryption keys are never accessible on our servers. There is no further personal data (such as IP addresses or account information) collected during the password generation process for instance for analytical purposes.

Cookies. MindYourPass does not make use of cookies. So, we don't track your usage of the password generator. We also don't use cookies for authentication purposes. Authentication tokens needed for accessing our servers are only stored in-memory.

Device identifier. When signing in, we identify your device by calculating a device signature. From this signature, we drive a client identifier. This identifier cannot be used to derive the signature. The client identifier is used to check if the corresponding device is authorized (by you) to access the MindYourPass servers.