VaultOTP - Privacy Policy

← Back to VaultOTP

TL;DR: VaultOTP stores all data locally on your device. We do not collect, transmit, or sell any personal data. Your secrets never leave your browser.

1. Overview

VaultOTP ("we", "the extension") is a browser extension for generating Time-Based One-Time Passwords (TOTP). This privacy policy explains how the extension handles your data.

We are committed to protecting your privacy. VaultOTP was designed with a local-first, zero-knowledge architecture. We have no servers that receive your data, no user accounts, and no analytics.

2. Data We Store

All data is stored locally on your device using Chrome's built-in chrome.storage.local API. This data never leaves your browser.

Data	Purpose	Storage
TOTP Secret Keys	Generate one-time passwords	Local only
Account Names & Issuers	Display account labels	Local only
License Key	Verify license activation	Local only
Trial Start Date	Calculate free trial period	Local only
Time Sync Offset	Correct system clock drift	Local only (in memory)

3. Data We Do NOT Collect

VaultOTP does not collect or have access to:

Personal information (name, email, address)
Browsing history or web activity
Location data
Financial or payment information
Usage analytics or telemetry
Crash reports
Any data from websites you visit

4. Network Requests

VaultOTP makes only two types of network requests, solely for time synchronization:

Destination	Purpose	Data Sent
`worldtimeapi.org`	Fetch accurate UTC time (primary)	None — standard GET request
`google.com`	Fetch time via HTTP Date header (fallback)	None — standard HEAD request

These requests contain no user data, no identifiers, and no tracking parameters. They are used exclusively to ensure accurate TOTP code generation when your system clock is inaccurate.

5. Permissions Explained

Permission	Why It's Needed
`storage`	Store TOTP secrets, account data, license key, and trial status locally
`clipboardRead`	Import TOTP accounts by pasting QR code images from your clipboard
`clipboardWrite`	Copy generated TOTP codes to your clipboard with one click
Host: `worldtimeapi.org`	Fetch internet time for accurate code generation
Host: `google.com`	Fallback time sync when primary server is unavailable

6. Third-Party Services

VaultOTP does not integrate with any third-party analytics, advertising, or tracking services.

License purchases are processed externally by Stripe. Payment data is handled entirely by Stripe and is never accessible to or processed by the VaultOTP extension. Stripe's privacy policy applies to payment transactions: stripe.com/privacy.

7. Data Sharing

We do not share, sell, rent, or transfer any user data to third parties. Period.

8. Data Security

Your TOTP secret keys are stored using Chrome's built-in storage API, which is sandboxed to the extension. No other extensions or websites can access this data. All TOTP code generation happens locally in your browser using the Web Crypto API.

9. Data Deletion

You can delete all VaultOTP data at any time by:

Removing individual accounts within the extension
Uninstalling the extension (this removes all stored data automatically)

10. Children's Privacy

VaultOTP is not directed at children under 13. We do not knowingly collect any data from children.

11. Changes to This Policy

If we make changes to this privacy policy, we will update the "Last updated" date at the top of this page. Continued use of the extension after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this privacy policy or VaultOTP's data practices, please contact us:

Email: [email protected]