Privacy Policy
Last updated: March 2026 · Effective immediately
PassGeni is built on a simple principle: we can't leak what we never collect. Your passwords are generated entirely in your browser. They never touch our servers. This policy explains exactly what we do and don't collect.
What we do NOT collect
- Your passwords — ever
- Your passphrase words
- Your compliance preset selections
- Your profession seed inputs
- Your password history (stored only in your browser session)
- Keystroke or typing data
- Browser fingerprint
What we collect (minimal)
For the free tools (generator, breach checker, strength checker, secure share, WiFi QR, audit, policy generator): we collect nothing. Zero. Your browser does all the work.
For the Team API plan, we collect:
- Your email address (for account authentication via magic link)
- Billing information processed by Stripe — we never see your card number
- API call counts per day (not the passwords generated, just the count)
- API key hashes (we store only the SHA-256 hash, never the raw key)
Breach checker privacy
When you use our breach checker, we implement k-anonymity. Only the first 5 characters of your password's SHA-1 hash are sent to the Have I Been Pwned API. The full hash never leaves your browser. HIBP cannot know which password you checked.
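The range lookup described above, as an added example that is not PassGeni's own code: the password is hashed locally, only the 5-character prefix goes into the request, and the remaining 35 characters are matched on the client against the returned list. Assumptions: Node.js `crypto` stands in for the browser's hashing so the block runs offline, the endpoint is HIBP's public Pwned Passwords range URL, and the response body with its counts is constructed sample data.

```javascript
// Added example, not PassGeni's code. Node's crypto stands in for the browser here.
const { createHash } = require("node:crypto");

// Hash locally; only `prefix` is ever sent, `suffix` stays on the client.
function splitHash(password) {
  const hex = createHash("sha1").update(password, "utf8").digest("hex").toUpperCase();
  return { prefix: hex.slice(0, 5), suffix: hex.slice(5) };
}

// Build the request URL (HIBP Pwned Passwords range endpoint) from the prefix alone.
function rangeUrl(prefix) {
  if (!/^[0-9A-F]{5}$/.test(prefix)) throw new Error("prefix must be 5 hex characters");
  return "https://api.pwnedpasswords.com/range/" + prefix;
}

// Response lines are "SUFFIX:COUNT". The match happens on the client.
// Returns the breach count, or 0 when the suffix is absent or is a padded entry.
function countInRange(responseBody, suffix) {
  for (const line of responseBody.split(/\r?\n/)) {
    const [candidate, count] = line.trim().split(":");
    if (candidate && candidate.toUpperCase() === suffix) {
      const n = Number.parseInt(count, 10);
      return Number.isNaN(n) ? 0 : n;
    }
  }
  return 0;
}

// Constructed sample body for prefix 5BAA6 (counts are made up for the example).
const SAMPLE_RANGE_BODY = [
  "00A1B2C3D4E5F60718293A4B5C6D7E8F901:4",
  "1E4C9B93F3F0682250B6CF8331B7EE68FD8:42", // suffix of SHA-1("password")
  "FFEEDDCCBBAA99887766554433221100FFE:0",  // padded entry, count 0
].join("\r\n");

// Full check: what would be requested, and what the client concludes.
function checkPassword(password, responseBody) {
  const { prefix, suffix } = splitHash(password);
  return { requestUrl: rangeUrl(prefix), count: countInRange(responseBody, suffix) };
}

console.log(checkPassword("password", SAMPLE_RANGE_BODY));
```

The request URL contains nothing beyond the prefix, so the server's view is limited to which 5-character bucket was queried.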
Secure Share
When you use Secure Share, the AES-256 decryption key is embedded in the URL fragment (#). Fragments are never transmitted to servers by browsers — this is a fundamental browser guarantee. Our servers receive only the encrypted payload, which is meaningless without the key.
Cookies
We use no advertising cookies, no tracking cookies, and no analytics cookies. The only cookies used are strictly necessary session cookies for authenticated Team plan users (NextAuth session). We do not use Google Analytics, Facebook Pixel, or any third-party tracking scripts.
Data retention
Free tool usage: zero retention. Team plan accounts: we retain your email, API usage counts, and billing records for as long as your account is active, plus 90 days after cancellation for dispute resolution. You may request deletion at any time.
Your rights
You have the right to access, correct, export, or delete any personal data we hold. Email us at privacy@passgeni.ai and we will respond within 5 business days.
Changes to this policy
If we make material changes, we'll update the date at the top of this page and notify Team plan users by email. Continued use of PassGeni after changes constitutes acceptance.
Contact
Questions? Email privacy@passgeni.ai or visit our contact page.