Key Point: OneSafe Pass uses zero-knowledge architecture. We cannot access your passwords, even if we wanted to. Your master password never leaves your device, and all encryption happens locally in your browser.
1. Introduction
Welcome to OneSafe Pass. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our password manager service. By using OneSafe Pass, you agree to the collection and use of information in accordance with this policy.
2. Zero-Knowledge Architecture
OneSafe Pass is built on a zero-knowledge architecture, which means:
- Your master password never leaves your device: It is never transmitted to our servers or stored anywhere except locally in your browser (if you enable "Remember Me").
- All encryption and decryption happens locally: Your data is encrypted in your browser before being stored in your Google Drive.
- We cannot access your data: Even if legally compelled, we cannot decrypt your passwords because we don't have access to your encryption keys.
- No server-side storage of passwords: Your encrypted data is stored only in your Google Drive, which only you control.
3. Information We Collect
3.1 Information You Provide
- Google Account Information: When you sign in with Google, we receive your email address and basic profile information (name, profile picture) through Google's OAuth service.
- Encrypted Vault Data: Your passwords, payment cards, 2FA codes, and attachments are encrypted locally and stored in your Google Drive. We never have access to the unencrypted content.
3.2 Information We Do NOT Collect
- Your master password
- Your unencrypted passwords or data
- Your encryption keys
- Detailed usage analytics of your password vault
- Any content of your encrypted files or attachments
3.3 Automatic Information
We may collect limited technical information to improve our service:
- Browser type and version
- Device type (desktop, mobile, tablet)
- General location (country/region only, not precise location)
- Error logs and crash reports (which do not contain your encrypted data)
4. How We Use Your Information
We use the information we collect for the following purposes:
- Authentication: To verify your identity through Google OAuth.
- Service Delivery: To provide you access to your encrypted vault stored in your Google Drive.
- Service Improvement: To identify and fix bugs, improve performance, and enhance user experience.
- Communication: To send you important service updates, security alerts, and respond to your inquiries (only if you contact us).
- Legal Compliance: To comply with applicable laws and regulations.
5. Data Storage and Security
5.1 Where Your Data is Stored
All your encrypted vault data (passwords, cards, files) is stored in your Google Drive account, specifically in a secure appDataFolder that only OneSafe Pass can access. This folder is:
- Hidden from your regular Google Drive view
- Only accessible by our application
- Backed up by Google's infrastructure
- Subject to your Google account's security settings
5.2 Encryption Standards
We use industry-leading encryption standards to protect your data:
- Algorithm: AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode)
- Key Derivation: PBKDF2 with SHA-256 hash function and 600,000 iterations (OWASP recommended)
- Unique Salts: Each vault has a unique 16-byte random salt
- Unique IVs: Each encryption operation uses a unique 12-byte random initialization vector
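How the parameters listed above fit together in browser-side code, shown as an added example built on the standard Web Crypto API. It is not OneSafe Pass's own code; the function names and the blob layout (salt, then IV, then ciphertext with its GCM tag) are assumptions made for illustration.

```javascript
// Added illustration; not OneSafe Pass source code.
// Assumed (hypothetical) blob layout: salt(16) || iv(12) || ciphertext+GCM tag.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto; // fallback for older Node
const ITERATIONS = 600000, SALT_LEN = 16, IV_LEN = 12;
const enc = new TextEncoder();

async function deriveKey(masterPassword, salt) {
  const material = await webcrypto.subtle.importKey(
    "raw", enc.encode(masterPassword), "PBKDF2", false, ["deriveKey"]);
  return webcrypto.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: ITERATIONS },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

async function sealVault(masterPassword, plaintext, salt) {
  // The salt is fixed per vault; a fresh random IV is drawn for every encryption.
  const iv = webcrypto.getRandomValues(new Uint8Array(IV_LEN));
  const key = await deriveKey(masterPassword, salt);
  const ct = new Uint8Array(await webcrypto.subtle.encrypt(
    { name: "AES-GCM", iv }, key, enc.encode(plaintext)));
  const blob = new Uint8Array(SALT_LEN + IV_LEN + ct.length);
  blob.set(salt, 0); blob.set(iv, SALT_LEN);
  blob.set(ct, SALT_LEN + IV_LEN);
  return blob; // only this opaque blob would leave the device
}

async function openVault(masterPassword, blob) {
  const salt = blob.slice(0, SALT_LEN);
  const iv = blob.slice(SALT_LEN, SALT_LEN + IV_LEN);
  const key = await deriveKey(masterPassword, salt);
  try {
    const pt = await webcrypto.subtle.decrypt(
      { name: "AES-GCM", iv }, key, blob.slice(SALT_LEN + IV_LEN));
    return new TextDecoder().decode(pt);
  } catch {
    return null; // wrong master password or modified blob: GCM tag check failed
  }
}

async function demo() {
  const pw = "correct horse battery staple"; // constructed sample values
  const salt = webcrypto.getRandomValues(new Uint8Array(SALT_LEN));
  const a = await sealVault(pw, '{"site":"example.test"}', salt);
  const b = await sealVault(pw, '{"site":"example.test"}', salt);
  const tampered = a.slice(); tampered[tampered.length - 1] ^= 1;
  const ivOf = (x) => x.slice(SALT_LEN, SALT_LEN + IV_LEN).join();
  return { roundTrip: await openVault(pw, a), wrongPassword: await openVault("guess", a),
           tampered: await openVault(pw, tampered), ivsDiffer: ivOf(a) !== ivOf(b) };
}
```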
5.3 Local Storage
If you enable the "Remember Me" feature, your master password hash may be stored locally in your browser's secure storage. This is never transmitted to any server and can be cleared by logging out or clearing your browser data.
6. Third-Party Services
6.1 Google Drive API
OneSafe Pass uses the Google Drive API to store your encrypted vault. We only request the minimum necessary permissions:
- Access to the appDataFolder (for storing encrypted vault data)
- Basic profile information (for authentication)
Your data is subject to Google's Privacy Policy and Terms of Service. We have no control over Google's data practices.
6.2 No Other Third Parties
We do not share your data with any other third parties for advertising, analytics, or any other purpose. We do not use third-party tracking scripts or analytics services that could compromise your privacy.
7. Your Rights and Choices
You have the following rights regarding your data:
- Access: You can access all your data through the OneSafe Pass application.
- Export: You can export your vault data at any time.
- Deletion: You can delete your vault data from your Google Drive at any time. To completely remove all data, you can also revoke OneSafe Pass's access to your Google account.
- Revoke Access: You can revoke OneSafe Pass's access to your Google Drive through your Google Account settings.
- Opt-out: You can stop using the service at any time.
8. Data Retention
We retain your data only as long as necessary to provide our service:
- Vault Data: Stored in your Google Drive until you delete it.
- Account Information: Stored as long as you use our service and authorize us through Google OAuth.
- Error Logs: Retained for up to 90 days for debugging purposes.
9. Children's Privacy
OneSafe Pass is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@onesafepass.com.
10. International Data Transfers
Since your data is stored in your Google Drive, its location depends on your Google account settings and Google's data center locations. Your data may be transferred to and stored in countries other than your country of residence.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending you a notification through the application (for significant changes)
Your continued use of OneSafe Pass after any changes constitutes acceptance of the updated Privacy Policy.
12. Security Breach Notification
In the unlikely event of a security breach that affects your data, we will:
- Investigate the breach immediately
- Notify affected users within 72 hours
- Provide detailed information about the breach and steps to protect yourself
- Work to prevent future incidents
However, due to our zero-knowledge architecture, even in the event of a breach, your encrypted data remains secure and inaccessible without your master password.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
14. Legal Compliance
OneSafe Pass complies with applicable data protection laws, including:
- General Data Protection Regulation (GDPR) for users in the European Union
- California Consumer Privacy Act (CCPA) for users in California
- Other applicable local data protection laws
Remember: With OneSafe Pass, you are in complete control of your data. We've designed our service so that we literally cannot access your passwords, ensuring your privacy is protected by design, not just by promise.
Last Updated: October 5, 2025