Privacy Policy

At CarryPass ("we", "our", or "us"), we are committed to protecting your privacy. This Privacy Policy outlines how we handle your personal information when you access and use our website, https://carrypass.net, and our Progressive Web App (PWA) (together, the "Service").

1. Information We Collect

Your privacy is important to us. To ensure the highest level of privacy protection, we do not collect, transmit, or share any personal or sensitive data.

• No Data Collection: The data you input in our Service, such as passwords and domain names, is processed entirely client-side, meaning it is handled exclusively in your browser. We do not transmit any personal or sensitive data to our servers, nor do we share this data with third parties.
• No Usage Data: We do not collect any usage data or employ statistical tools to track your activity within the Service.

2. Cookies

No Cookies in Use: Our Service does not use cookies, whether for technical purposes or otherwise. We do not store, collect, or use cookies to track or store information.

3. Hosting by GitHub Pages

CarryPass is hosted via GitHub Pages, a static site hosting service provided by GitHub, Inc. While CarryPass itself does not collect any data, GitHub may automatically log basic technical information such as your IP address or browser type for operational and security purposes.

Please refer to GitHub’s Privacy Statement for more information about their data practices.

4. GDPR Article 25 – Privacy by Design and Default

CarryPass is built in accordance with Article 25 of the General Data Protection Regulation (GDPR), which requires data protection by design and by default. This principle guides our technical and design decisions to ensure that your data is secure without requiring additional user action.

• No Data Collection: CarryPass does not collect or transmit personal information. All data is handled locally in your browser or device.
• Privacy by Design: Encryption, password generation, and vault operations are implemented fully client-side, requiring no network connection or backend processing.
• Protection by Default: All sensitive data such as vaults and TOTP secrets are encrypted automatically using AES-GCM and PBKDF2, without optional user steps.
• User Control: Only the user can access or export data. Optional QR code exports are encrypted and handled entirely on-device.

CarryPass is intentionally designed to ensure user privacy and security by default, without compromise.

5. Changes to the Privacy Policy

We may occasionally update this Privacy Policy. If we make any changes, we will post the revised Privacy Policy on this page.

Reviewing the Policy: We encourage you to periodically check this page for any updates. Changes to the Privacy Policy are effective as soon as they are posted here.

6. Contact Us

If you have any further questions or concerns regarding this Privacy Policy, please feel free to reach out to us at:

Email: info.carrypass@proton.me