Prevent Pwned Passwords Privacy Policy

Prevent Pwned Passwords is designed to help keep you safe while browsing the web by ensuring you don’t use a password that is known to have been part of a data breach.

How we protect your data

Accordingly, we’re very careful with your data. Whenever we check to see if a password has been involved in a past breach, we take the following measures:

• The password is hashed before we begin working with it at all. (Hashing is a one-way encryption method.)
• No password is ever sent in plain text.
• The hash is sent securely over HTTPS to Have I Been Pwned, the service which checks for breaches.
• No additional identifying data is sent with the hash. This means that any other data, such as any username you enter or even the site that you’re entering the password on, is not sent.
• We do not persistently store any data you enter, including any passwords or hashes.
• The only data we store is a list of domains that you have chosen to whitelist.
• We do not store or collect any contact information, and will not (and can not) contact you.
• You can uninstall the extension at any point to stop the transmission of hashes to Have I Been Pwned.

How Have I Been Pwned protects your data

Be sure to also review the Have I Been Pwned FAQ for details on how that service uses and safeguards your data.

Our open source commitment

Prevent Pwned Passwords is open source. You can view the code on GitHub. This is an important part of our commitment to your privacy – you can review our code and make sure we do exactly what we say.