CodePass

Chrome Extension

CodePass

Privacy Policy

Last update: 12/10/2025

Developer Contact

Website:AzanoRivers
Developer:AzanoRivers

1. INTRODUCTION AND PRIVACY COMMITMENT

CodePass is a Chrome browser extension designed for secure password management with optional synchronization via Google Drive. We are committed to protecting your privacy and being completely transparent about how we handle your data.

FUNDAMENTAL PRINCIPLE:

CodePass does NOT share, sell, transfer, or store your data on our own external servers. All information remains under your exclusive control.

2. INFORMATION WE COLLECT AND HOW WE USE IT

2.1. Google Authentication Data

WHAT WE COLLECT:

  • Temporary Google OAuth 2.0 access token
  • Basic profile information (email, name)

HOW WE USE IT:

  • Authenticate your identity with Google
  • Access Google Drive for synchronization (only if you authorize)
  • Validate access permissions

WHERE IT'S STORED:

  • Locally in your browser (chrome.storage.local)
  • Temporarily (expires in 15 minutes, must be renewed)
  • NEVER on CodePass external servers

GOOGLE PERMISSIONS:

  • openid, email, profile: Basic identification
  • https://www.googleapis.com/auth/drive: Drive access

2.2. Passwords and Credentials

WHAT WE STORE:

  • Passwords you choose to save in CodePass
  • Associated service/website names
  • Associated usernames

HOW THEY'RE PROTECTED:

  • 256-bit AES-GCM encryption locally
  • PBKDF2 key derivation (310,000 iterations)
  • Optional master password (blockPhrase) NEVER stored in plain text
  • Temporary encryption keys destroyed on logout

WHERE THEY'RE STORED:

  • Locally: chrome.storage.local (encrypted)
  • Google Drive: "codepassdata.txt" file in "codepassextension" folder (encrypted if you set blockPhrase, or plain if you prefer)

IMPORTANT:

  • CodePass CANNOT read your passwords if you use blockPhrase
  • If you forget your blockPhrase, we CANNOT recover your data
  • Only YOU have access to your passwords

2.3. Local Configuration Data

WHAT WE STORE:

  • Dark/light theme preferences
  • Password lock state
  • Auto-sync configuration

WHERE IT'S STORED:

  • Locally in chrome.storage.local
  • NEVER synchronized with external servers

3. HOW WE SHARE YOUR INFORMATION

3.1. Google Drive (Only with Your Authorization)

  • Your password file synchronizes ONLY with YOUR personal Google Drive account
  • No one else has access (not even us)
  • You can revoke access anytime from your Google account
  • File is stored at: Google Drive > codepassextension > codepassdata.txt

3.2. NO Third-Party Sharing

CodePass does NOT share, sell, rent, or transfer your personal data to third parties under any circumstances, except:

  • Legal Compliance: If required by law (court order, etc.)
  • Rights Protection: To protect our legal rights

4. THIRD-PARTY SERVICES USED

4.1. Google OAuth 2.0 and Google Drive API

Provider: Google LLC

Purpose: Authentication and Drive storage

Privacy Policy: https://policies.google.com/privacy

Revoke access: https://myaccount.google.com/permissions

4.2. Google Fonts (UI Only)

Provider: Google LLC

Purpose: Load typography fonts (Orbitron, Barlow Condensed)

URL: https://fonts.googleapis.com/

Data collected by Google Fonts: IP address (for font delivery)

Policy: https://developers.google.com/fonts/faq/privacy

Note: Standard web service, similar to any website you use

5. DATA SECURITY

5.1. Implemented Security Measures

  • End-to-end encryption with 256-bit AES-GCM
  • PBKDF2 key derivation (310,000 iterations, SHA-256)
  • Temporary keys deleted on logout
  • Master password (blockPhrase) encrypted with itself
  • Authentication tokens with expiration (15 minutes)
  • No storage on proprietary servers
  • No activity logging or external logs

5.2. User Responsibility

  • Keep your blockPhrase secure and private
  • Use strong passwords for your Google account
  • Regularly review your Google account permissions
  • Log out on shared devices

6. YOUR PRIVACY RIGHTS

You have the right to:

  • Access your data (it's in your Google Drive and chrome.storage.local)
  • Modify your data (edit or delete passwords anytime)
  • Delete your data:
  • Log out → local data automatically deleted
  • Manually delete Drive file if desired
  • Uninstall extension → all local data deleted
  • Export your data (export function available in extension)
  • Revoke Google Drive permissions anytime

7. DATA RETENTION AND DELETION

  • Local Data: Automatically deleted on logout or uninstall
  • Google Drive: Remains until YOU manually delete it
  • Access Tokens: Automatically expire in 15 minutes
  • Encryption Keys: Deleted on lock or logout

8. CHILDREN'S PRIVACY

CodePass is NOT designed for children under 13. We do not knowingly collect information from minors. If you are a parent/guardian and discover your child provided us information, contact us to delete it.

9. CHANGES TO THIS PRIVACY POLICY

We may update this policy occasionally. We will notify you of significant changes through:

  • Updating the date at the top
  • Notification in the extension (if applicable)

We recommend reviewing this policy periodically.

10. TECHNICAL TRANSPARENCY

10.1. Chrome Permissions Requested

  • "storage": To save configuration and encrypted data locally
  • "identity": For Google OAuth 2.0 authentication

10.2. Data We Do NOT Collect

  • Browsing history
  • Visited websites
  • Credit card data
  • Location information
  • Usage analytics or telemetry
  • Advertising or tracking
  • Device information

11. CONTACT AND SUPPORT

If you have questions about this Privacy Policy or how we handle your data, contact us:

Email:Contact

Web:AzanoRivers

GitHub: CodePass

12. LEGAL COMPLIANCE

This extension complies with:

  • Chrome Web Store Developer Program Policies
  • GDPR (General Data Protection Regulation - EU)
  • CCPA (California Consumer Privacy Act - USA)
AzanoLabs - CodePass - Privacy Policy