🔐 Privacy Policy

JPK Password Locker

Summary: Your data is encrypted on your device before it ever leaves. We cannot read your passwords, and we never sell or share your information.

What Data We Collect

JPK Password Locker collects and stores the following data:

Account email and password — Used for authentication only
Encrypted vault data — Your passwords, credit cards, and notes are encrypted with AES-256-GCM using your master key before being stored

How Your Data Is Protected

We use a zero-knowledge security model:

All encryption happens locally on your device
Your master key never leaves your device
We store only encrypted data — we cannot decrypt or read your vault
AES-256-GCM encryption with PBKDF2 key derivation (100,000 iterations)

Data Storage

Your encrypted vault is stored in Google Firebase Firestore. The data is encrypted before transmission and remains encrypted at rest. Only you, with your master key, can decrypt it.

Data We Do NOT Collect

Your master key (never transmitted)
Unencrypted passwords or sensitive data
Browsing history
Analytics or tracking data
Personal information beyond your email

Third-Party Services

We use the following third-party services:

Google Firebase — Authentication and encrypted data storage
Netlify — Web application hosting

These services have their own privacy policies. No third parties have access to your decrypted data.

Data Retention

Your encrypted data is retained as long as your account exists. You can delete your account and all associated data at any time by contacting us.

Your Rights

You have the right to:

Export your data at any time (via the vault's export feature)
Delete your account and all data
Access information about what data we store

Contact

For privacy concerns or data deletion requests, contact: jpk@jpkauto.com

Changes to This Policy

We may update this privacy policy from time to time. Significant changes will be communicated through the application.

Last updated: January 2026

← Back to Password Locker