← Password Generator Pro
Privacy Policy
Last updated: April 26, 2026
Password Generator Pro is built around one promise: your generated passwords never leave your device. This policy describes the very small amount of data the extension does transmit, and why.
What we collect (locally, in your browser)
- Settings , your default length, character class toggles, separator, and similar preferences. Stored in
chrome.storage.local on your device only.
- Encrypted history (if enabled) , the last 5 (Free) or 100 (Pro) generated passwords, encrypted with AES-GCM. The encryption key is either a random session key (cleared when Chrome restarts) or derived from a master phrase you set. The plaintext is never written to disk.
- Daily usage counter , how many passwords you generated today and how many breach checks you ran. Used to enforce the Free-tier daily limits. Resets at midnight UTC.
- Anonymous device ID , a random ID generated on first install, used solely for license verification. It contains no personally identifiable information.
What we transmit, and where
- License verification , your anonymous device ID is sent to
peakproductivity.online/password-generator-pro/api/check-license to determine whether you have a Pro license. No password content. No analytics. The result is cached in your browser for 24 hours.
- HIBP breach check (if you click the breach-check button) , only the first 5 hex characters of the SHA-1 hash of your password are sent to
api.pwnedpasswords.com. The full hash is never transmitted. This is the standard "k-anonymity" model documented at haveibeenpwned.com.
- Anonymous funnel events , the extension fires lightweight, anonymous events (first install, first generation, paywall hit) to
peakproductivity.online/api/growth/event. No password content, no email, just the event name and your anonymous device ID. Used to track install-to-paid conversion. You can disable this in Settings.
What we never collect
- Generated passwords. Ever. Period.
- Browsing history, tab URLs, page content, or anything else from any website.
- Personally identifiable information except an email address you voluntarily provide at checkout (handled by Stripe under their privacy policy).
- Third-party tracking cookies, advertising IDs, or fingerprinting signals.
Permissions, and why we need them
- storage , to save your settings and encrypted history locally.
- host_permissions for peakproductivity.online , to call the license verification API.
- host_permissions for api.pwnedpasswords.com , to make the optional HIBP breach check.
That's it. No tab access, no content scripts, no clipboard read, no activeTab.
Stripe (payment processing)
If you upgrade to Pro, your payment is processed by Stripe. We do not see or store your card details. Stripe sends us a webhook with your purchase confirmation and email so we can email you a license key. Stripe's privacy policy applies to that data.
Email (if you subscribe)
If you opt into the optional email sequence on the welcome page, your address is stored on our SendSimple instance (running on a server we operate). You can unsubscribe with one click from any email. We don't share email addresses with third parties.
Data retention & deletion
- Local data (settings, history, device ID) is deleted when you uninstall the extension.
- License records (anonymous device ID + Pro status) are kept until you request deletion. Email support@peakproductivity.online with the device ID shown on your Settings page.
- Funnel events older than 90 days are aggregated and the per-event records are deleted.
Children
Password Generator Pro is not directed at children under 13 and we don't knowingly collect data from them.
Changes
If we materially change this policy we'll update the "Last updated" date and, for significant changes, notify Pro users by email.
Contact
support@peakproductivity.online