Privacy Policy – CipherPass

Effective Date: May 31, 2025

This Privacy Policy explains how CipherPass ("the Application") collects, handles, stores, and protects user data. By using the Application, you ("the User") agree to the terms contained herein.

1. Data Collection and Storage

CipherPass stores one-time password (OTP) secrets and related authentication data in order to provide its core functionality. These secrets are not stored in plain text. All sensitive information is encrypted, hashed, and stored in a secured Azure Key Vault. CipherPass does not store user passwords or other personally identifiable information unless strictly required for core operations.

No analytics, advertising identifiers, third-party tracking tools, or behavioral profiling mechanisms are present within the Application.

2. Security Practices

CipherPass is designed and developed using security-by-design principles. Data transmission occurs exclusively over encrypted channels using industry-standard protocols such as TLS 1.2 or higher. Stored secrets are encrypted both in transit and at rest. Azure Key Vault enforces access control, logging, and auditing of all access requests.

Encryption algorithms and key management practices follow Microsoft's published recommendations and security baselines. Access to sensitive data is tightly scoped and regularly reviewed.

3. No Warranties or Guarantees

CipherPass is provided on an "as is" and "as available" basis. The developer makes no warranties, express or implied, as to the reliability, completeness, security, or suitability of the Application for any particular use case.

To the maximum extent permitted by law, the developer disclaims all liability for any direct, indirect, incidental, or consequential damages arising from the use of the Application. This includes, without limitation, damages resulting from data loss, service interruption, unauthorized access, or security breach.

4. User Obligations

The User is responsible for securing their own access credentials, devices, and authentication workflows. The Application is a tool that must be deployed as part of a broader security posture. Misconfiguration, insecure practices, or negligence by the User may lead to outcomes beyond the control of the Application or its developer.

5. Good Faith Security Commitment

CipherPass is maintained with a focus on minimizing risk and protecting users. If a security vulnerability or risk is identified, it will be investigated and addressed promptly. The developer supports responsible disclosure and encourages users or researchers to report any findings through appropriate contact channels.

6. Policy Changes

This Privacy Policy may be updated at any time without prior notice. Updates will be effective upon publication. Continued use of the Application following a change in policy constitutes acceptance of the revised terms.