PassQGuard Browser Extension ("the Extension") is a browser extension that integrates with the PassQGuard desktop application to provide password management and autofill functionality. This privacy policy explains how we handle your data when you use the Extension and the related PassQGuard desktop application.
The Extension operates as a communication bridge between your browser and the PassQGuard desktop application running on your local device.
The Extension processes the following data in memory temporarily but does not store it:
Website URLs
The Extension reads the URL of the current webpage to match stored credentials. URLs are only sent to the local PassQGuard desktop application running on your device (localhost) and are never stored.
Usernames
When you submit a login form, the Extension may send the username to the local PassQGuard desktop application to record the login event. Usernames are processed locally and never stored by the Extension.
Form Detection
The Extension scans web pages to detect login forms. This scanning is performed locally in your browser and no form data is collected or stored.
Credentials (Temporary)
When filling login forms, credentials are received from the desktop application and used immediately to fill the form. Credentials are never stored by the Extension and exist only in memory during the filling process.
This section describes how the PassQGuard desktop application handles data. The Extension itself does not store any of this data.
The PassQGuard desktop application stores the following minimal data on a server to accommodate recurring OAuth authentication:
Email Address
Your email address associated with your PassQGuard account
OAuth Provider ID
The identifier from your OAuth provider (e.g., Google, GitHub) used for authentication
Only this data is stored on servers. No passwords, keys, or credentials.
The PassQGuard desktop application stores the following data locally on your device:
Password Contexts
Metadata about your password contexts, including:
Encryption Keys
Keys used for local encryption/decryption operations. These keys exist only in memory and are deleted when the app closes or locks. They are never stored locally or transmitted to any server.
The Extension functions as follows:
Credential Retrieval
When you request to fill login credentials, the Extension sends the current webpage URL (and optionally a username) to the PassQGuard desktop application running on your local machine (127.0.0.1:48000). The desktop application generates the password using its generative algorithm and returns it to the Extension, which then fills the login form. This entire process happens locally on your device.
Login Tracking
When you submit a login form, the Extension may notify the local PassQGuard desktop application of the login event (URL and username) to help maintain password context metadata. This notification is sent only to the local application on your device.
Password Generation
Passwords are generated on-demand using a generative algorithm based on your password contexts and master key. Passwords are never stored.
OAuth Authentication
Your email and OAuth provider ID stored on the server are used solely for recurring OAuth authentication to maintain your session with the PassQGuard service.
The Extension does not store any data, eliminating data breach risks at the Extension level
All communication between the Extension and the PassQGuard desktop application occurs over localhost (127.0.0.1)
The Extension uses secure Content Security Policy (CSP) to prevent unauthorized script execution
No external network communication is performed by the Extension
Password contexts and metadata are stored locally on your device
Encryption keys exist only in memory and are deleted when the app closes or locks
Server-stored data (email and OAuth provider ID) is minimal and used only for authentication
Passwords are generated, not stored, providing inherent security
The Extension requests the following permissions:
storage for temporary in-memory operations. No data is persisted.
tabs to read the URL of the current tab to match stored credentials with the desktop application
host_permissions for http://127.0.0.1/* to communicate with the local PassQGuard desktop application
Content script access to all URLs
Required to detect and fill login forms on websites you visit
The Extension does not use any third-party services, analytics tools, or external APIs. All functionality is self-contained and operates entirely on your local device.
The PassQGuard desktop application may use OAuth providers (such as Google, GitHub) for authentication. Your use of these services is subject to their respective privacy policies.
The Extension does not share or transmit any data. All operations are local.
The PassQGuard desktop application shares only your email address and OAuth provider ID with the PassQGuard authentication server for the sole purpose of maintaining your OAuth session. No other data is shared with any external parties.
You have complete control over your data:
Access
You can access your password context metadata through the PassQGuard desktop application
Deletion
Control
You can disable the Extension or revoke permissions at any time through browser extension settings
Data Portability
You can export your password context metadata through the PassQGuard desktop application
The Extension and PassQGuard desktop application are not intended for use by children under the age of 13. We do not knowingly collect personal information from children.
We may update this privacy policy from time to time. We will notify you of any changes by updating the "Last Updated" date at the top of this policy. You are advised to review this privacy policy periodically for any changes.
If you have any questions about this privacy policy or our data practices, please contact us at:
This privacy policy is designed to comply with:
General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
Browser Extension Store Developer Program Policies
Extension
Does not collect or store any data. Acts as a local communication bridge only.
Desktop Application
No external data sharing
Extension shares nothing. Desktop app shares only email and OAuth provider ID for authentication.
Complete local control
You can delete all data by uninstalling the Extension and deleting your PassQGuard account.
This privacy policy applies to both the PassQGuard Browser Extension and the PassQGuard desktop application. For questions about specific features, please refer to the documentation or contact us using the information above.
© 2025 PassQGuard • Last updated: 12/16/2025, 11:04:41 AM