Privacy Policy

This privacy policy explains how your data is handled when using the Password Strength Checker service.

Password Strength Checking

Your password is never sent to any server. All password analysis occurs locally in your browser via a local javascript.

Data Breach Checking

When you check if your password has been involved in any data breaches, we locally generate a SHA-1 hash of your password and send only a 5-character prefix of that hash to the HaveIBeenPwned API. The full password hash never leaves your browser.

Password Generator

The passwords you generate are never stored or transmitted to any server. They are generated entirely within your browser. For the purposes of this privacy policy, once you generate a password, it counts as "your password" and will be treated the same as if you have created it yourself.

Security, Analytics & Hosting

To ensure the security of this website, we may collect identifiable and non-identifiable information such as your IP address and browser information. We also may use anonymous analytics to provide & improve our service. Detailed information is available at Cloudflare's Privacy Policy.

Third-Party Services

We use the HaveIBeenPwned API for breach checking. Please review their privacy policy as well. Please note that they only receive a 5-character SHA-1 prefix of your password hash, and never the full password or the full password hash. As part of the data breach check, your IP address is revealed to their server since your browser is the one making a request to their API.

As explained in the Security, Analytics & Hosting section, we use Cloudflare for hosting, security and analytics. You can review their privacy policy here.

This website may contain links which lead to third-party websites. We are not responsible for the privacy practices or content of such websites.