Privacy Policy

Last updated: December 2024

Our Commitment to Privacy

AmnPass is built on the principle that your data belongs to you. We use zero-knowledge encryption, which means your vault is encrypted with keys only you possess. We cannot access your passwords, 2FA codes, or any decrypted vault content — and we're designed that way intentionally.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address — Used for account identification, notifications, and support
  • Authentication hash — Derived from your master password; not the password itself

Encrypted Vault Data

We store your encrypted vault on our servers. This data is encrypted client-side with keys derived from your master password before transmission. We store only ciphertext that we cannot decrypt.

Usage Data

We may collect basic usage analytics such as:

  • Feature usage (which features you use, not what data you enter)
  • Error logs to diagnose issues
  • Basic device/browser information for compatibility

This data helps us improve AmnPass but does not include any vault content.

Information We Do NOT Collect or Access

Due to our zero-knowledge architecture, we never have access to:

  • Your master password
  • Your decrypted passwords or vault items
  • Your 2FA seeds or codes
  • Your private encryption keys
  • Any plaintext vault content

How We Use Your Information

We use the information we collect to:

  • Provide and maintain the AmnPass service
  • Authenticate your identity when you log in
  • Sync your encrypted vault across devices
  • Send transactional emails (account confirmation, password reset links)
  • Provide customer support when you contact us
  • Improve the service based on aggregate usage patterns

Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes.

We may share information only in these limited circumstances:

  • Service providers — We work with providers for infrastructure, email delivery, and payment processing. They only receive the minimum data needed for their service.
  • Legal requirements — If required by law, we may disclose information. However, since your vault is encrypted with keys we don't possess, we cannot provide decrypted vault content even if compelled.

Data Security

All data is encrypted in transit (TLS 1.3) and at rest. Your vault content is additionally protected by zero-knowledge encryption. We follow security best practices and regularly review our systems for vulnerabilities.

Data Retention

We retain your account and encrypted vault data for as long as your account is active. If you delete your account, we will delete your data within 30 days. Some information may be retained in encrypted backups for up to 90 days.

Your Rights

You have the right to:

  • Access — Download your data through the export feature
  • Correct — Update your email or account information
  • Delete — Close your account and delete all data
  • Portability — Export your vault in standard formats

Children's Privacy

AmnPass is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe a child has provided us with personal information, please contact us.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. Continued use of AmnPass after changes constitutes acceptance of the updated policy.

Contact Us

For privacy-related questions or to exercise your rights, contact us at:

privacy@amnpass.com