Privacy Policy

PassRefresh — Password Refresh Coach
Effective Date: May 13, 2026 | Last Updated: May 13, 2026

The short version: PassRefresh stores all your data locally on your device. We never see, collect, or transmit your passwords. Period.

1. Who We Are

PassRefresh is developed and published by Front Page VIP LLC ("we," "us," "our"), a Georgia-based company. This Privacy Policy explains how the PassRefresh mobile application ("the App") handles your information.

2. Data We Collect

We do not collect any personal data. PassRefresh is designed as a fully offline, on-device tool. Specifically:

Passwords and credentials: All imported passwords, audit results, and generated passwords are stored exclusively on your device using local storage (AsyncStorage). They are never transmitted to our servers or any third-party servers.
Account information: PassRefresh does not require account creation, login, email address, or any personally identifiable information to use.
Analytics and tracking: We do not use any analytics SDKs, tracking pixels, advertising identifiers, or telemetry of any kind.
Crash reports: We do not collect crash reports or usage statistics.

3. Have I Been Pwned API

PassRefresh uses the Have I Been Pwned (HIBP) Pwned Passwords API to check whether your passwords have appeared in known data breaches. This check uses a privacy-preserving technique called k-anonymity:

Your password is hashed locally on your device using SHA-1.
Only the first 5 characters of the 40-character hash are sent to the HIBP API.
The API returns a list of hash suffixes matching that prefix.
Your device checks the list locally to determine if your password's full hash appears.

This means your actual password — or even its full hash — is never transmitted over the network. It is mathematically impossible for the HIBP service (or any network intermediary) to determine your password from the 5-character prefix alone.

The HIBP API is operated by Troy Hunt. Their privacy policy is available at haveibeenpwned.com/Privacy.

4. Data Storage and Security

Local storage only: All data is stored on your device using React Native AsyncStorage. No cloud storage, no server-side databases.
Device security: Your data is protected by your device's built-in security features (passcode, Face ID, Touch ID, device encryption).
Clipboard handling: When you copy a generated password, PassRefresh automatically clears your clipboard after 60 seconds to prevent accidental exposure.
Data deletion: You can permanently delete all data at any time via Settings → Clear All Data within the App. This action is immediate and irreversible.

5. Third-Party Services

PassRefresh uses the following third-party services:

Have I Been Pwned Pwned Passwords API — for breach detection only, using k-anonymity as described above.
Expo / React Native — the development framework used to build the App. No data is shared with Expo.

We do not integrate any advertising networks, social media SDKs, or analytics platforms.

6. Children's Privacy

PassRefresh does not knowingly collect information from children under 13. The App does not collect any personal information from any user of any age.

7. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be reflected by updating the "Last Updated" date at the top of this page. Continued use of the App after changes constitutes acceptance of the updated policy.

8. Your Rights

Since we do not collect, store, or process any of your personal data on our servers, there is no personal data for us to access, correct, delete, or port. All your data resides on your device and is fully under your control.

9. Contact Us

If you have questions about this Privacy Policy or the App's data practices, contact us at:

Front Page VIP LLC
Email: support@frontpagevip.com
Website: frontpagevip.com