Privacy Policy

Last updated: June 2026

This Privacy Policy describes how PassFortify ("we", "us", "our") handles information when you use our website at www.passfortify.com.

1. No personal data collection

PassFortify does not collect, store, transmit, or process any personal data you enter into our tools. Specifically:

• Passwords you generate are created and displayed in your browser only. They are never sent to our servers.
• Passwords you enter into the Strength Checker are analyzed locally in your browser. They are never transmitted.
• Passphrases generated by our tools exist only in your browser's memory.
• TOTP secret keys you enter are processed locally using your browser's Web Cryptography API. They are never sent anywhere.

We have no servers that process security-sensitive inputs. This is by design — a site that never receives your data cannot be breached to expose it.

2. Breach Checker and the Have I Been Pwned API

Our Breach Checker tool uses the Have I Been Pwned (HIBP) API, operated by Troy Hunt. When you use this feature:

• Email breach lookup: Your email address is sent via HTTPS to the HIBP API to retrieve breach information. HIBP's own privacy policy applies to this query. We do not store or log the email addresses queried.
• Password breach lookup (k-Anonymity): Your password is hashed with SHA-1 in your browser. Only the first 5 characters of the hash are sent to the HIBP API. Your actual password and full hash are never transmitted. This is the industry-standard k-Anonymity model.

3. Google AdSense

PassFortify uses Google AdSense to display advertisements. Google AdSense uses cookies and similar tracking technologies to serve personalized advertisements based on your browsing history and interests.

• Google may use cookies to serve ads based on your visits to this and other websites.
• You can opt out of personalized advertising by visiting Google Ads Settings.
• For more information about how Google uses data, visit Google's Privacy Policy.

4. Cookies

PassFortify itself sets only one optional cookie: a dark mode preference cookie if you enable dark mode. This cookie contains no personal information and is not shared with third parties.

Google AdSense may set additional cookies for ad serving purposes as described in section 3.

5. Server logs

Our hosting provider (Vercel) may automatically log standard web server information including IP addresses, browser type, pages visited, and timestamps. These logs are used for security and performance monitoring and are retained according to Vercel's data retention policy. We do not use these logs to identify individual users.

6. No accounts or login

PassFortify has no user registration, login, or account system. We collect no names, email addresses, or any other personal information for the purpose of account management.

7. Children's privacy

PassFortify is not directed at children under 13. We do not knowingly collect any information from children under 13.

8. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the site after changes constitutes acceptance of the updated policy.

9. Contact

For privacy questions or concerns: privacy@passfortify.com