Privacy Policy — PassStore Desktop Autofill Extension

Last updated: March 27, 2026

Overview

PassStore Desktop Autofill is a browser extension that connects to the PassStore mobile app on your local network to autofill passwords. It is designed with a strict no-cloud, no-account architecture. Your data never leaves your local network.

Data Collection

We do not collect, transmit, or store any personal data on external servers.

The extension does not:
- Send data to any remote server, cloud service, or analytics platform
- Track browsing history, keystrokes, or user behavior
- Use cookies or third-party tracking technologies
- Require account creation or login

Data Stored Locally

The extension stores the following data locally on your device using chrome.storage.local:

| Data | Purpose | Retention |
|------|---------|-----------|
| Device IP address and port | Reconnect to your phone on your LAN | Until you disconnect |
| Pairing credentials (encrypted key or code) | Re-establish sessions after network interruptions | Until you disconnect |
| Connection timestamp | Enforce session expiry (1 hour max) | Until you disconnect |

All locally stored data is cleared when you disconnect or uninstall the extension.

Network Communication

• The extension communicates only with the PassStore app running on your phone over your local Wi-Fi network (LAN).
• All messages are AES-encrypted using a key established during pairing (via QR code or 6-digit code).
• No data is sent to the internet. The extension makes no outbound HTTP requests to external servers.

Permissions Explained

| Permission | Why it's needed |
|------------|-----------------|
| activeTab | Detect password fields on the current page to offer autofill |
| storage | Save connection details locally so you don't have to re-pair every time |
| <all_urls> (host permission) | Detect login forms on any website you visit and establish a local WebSocket connection to your phone |

Credential Handling

• Credentials are requested from the PassStore mobile app on demand when you interact with a login form.
• Each credential request requires explicit approval on your phone (unless you've temporarily trusted the device for that domain).
• Credentials are held in memory only for the duration of the autofill action and are never written to disk by the extension.

Third-Party Services

This extension uses no third-party services, SDKs, analytics, or telemetry.

Children's Privacy

This extension does not knowingly collect information from children under 13.

Changes to This Policy

Updates to this policy will be posted in the extension's repository. Continued use after changes constitutes acceptance.

Contact

If you have questions about this privacy policy, please open an issue on the project's GitHub repository.

Developer: DonTagTech