
Privacy Policy

Last updated: 2026-05-18

1. Who we are

LitePassword is a zero-knowledge password manager operated at https://litepassword.com. This policy describes what personal data we collect, why, and how we handle it.

2. What we collect

We collect the minimum necessary to operate the service:

  • Account data — your email address, name (if provided), and authentication tokens issued by our identity provider (Clerk).
  • Billing data — handled by PayPal. We store only the transaction reference and plan associated with your account.
  • Vault metadata — vault names, descriptions, icon choice, member list, and timestamps. This data is not encrypted because we need it to render the app.
  • Encrypted vault contents — the actual secrets you store. These are AES-256 encrypted on your device before they reach us. We cannot read them.
  • Operational logs — IP addresses and request paths for security and abuse prevention. Retained for 30 days.

3. What we do not collect

  • Your master password — it never leaves your device.
  • Your recovery key — generated on-device and shown to you once.
  • Decrypted vault contents.

4. How we use your data

To provide and maintain the service, send transactional emails (invitations, account notifications), enforce plan limits, and respond to your support requests. We do not sell your data and do not run third-party advertising trackers.

5. Sub-processors

  • Clerk — authentication and identity (account email, password hash).
  • PayPal — payment processing.
  • SendGrid — transactional email.
  • AWS / Cloud hosting — infrastructure.

6. Data retention

Account and vault data is retained while your account is active. After you delete your account, we permanently delete encrypted blobs and metadata within 30 days. Operational logs are deleted after 30 days regardless.

7. Your rights

You can access, export (encrypted), or delete your data at any time from the in-app settings. For GDPR / CCPA requests, contact us through the Support page.

8. Security incidents

In the event of a security incident affecting your data, we will notify you by email within 72 hours of discovery. Because we hold ciphertext only, the practical impact of a server breach on your secret contents is zero.

9. Changes

We will post material changes to this policy on this page and notify you by email when they affect your rights.

10. Contact

For privacy questions: use the Support page.