Privacy Policy

Your privacy is our foundation, not an afterthought

Last Updated: November 25, 2025 | Effective Date: January 1, 2024

Our Privacy Guarantee

Zero Password Storage: Your generated passwords NEVER leave your device. Period.

100% Client-Side: All password generation happens in your browser using the Web Crypto API.

No Account Required: We don't collect email addresses, usernames, or personal information.

Transparent & Compliant: GDPR, CCPA, and PIPEDA compliant. No hidden tracking or data selling.

1. Information We Collect (and Don't Collect)

❌ What We DO NOT Collect

DynamicPassGen is fundamentally different from most web services. Here's what we explicitly never collect, store, or have access to:

  • Generated passwords - Your passwords are created entirely in your browser and never transmitted to our servers
  • Passwords you test - When using our password strength checker or breach checker, analysis happens locally
  • Personal information - No names, email addresses, phone numbers, or account credentials
  • User accounts - We don't have user accounts, so we can't tie data to individuals
  • Clipboard data - We never access your clipboard except when you explicitly click "Copy"
  • Device fingerprinting - We don't create unique device identifiers or track you across sessions

✓ What We DO Collect (Minimal, Anonymous)

To improve our service and ensure it works properly, we collect minimal, anonymized data:

A. Analytics Data (via Google Analytics 4)

  • Page views: Which pages you visit (e.g., homepage, tools pages, guides)
  • Referral source: How you found our site (search engine, direct visit, social media)
  • Browser and device type: Chrome/Firefox/Safari, desktop/mobile (for compatibility)
  • Country/region: General geographic location (city-level, never precise location)
  • Session duration: How long you stay on our site
  • Feature usage: Which tools you use (password generator, strength checker, etc.)

Important: Google Analytics is configured with IP anonymization enabled, meaning your full IP address is never stored. We've also disabled all advertising features and user-level data collection.

B. Server Logs (Automatic)

Our web server automatically logs standard technical information:

  • IP address: Anonymized after 24 hours, used only for security and abuse prevention
  • Request timestamp: When you accessed our site
  • HTTP request details: URL requested, response status code
  • User agent string: Browser and operating system version

These logs are retained for 7 days for security purposes (detecting attacks, preventing abuse), then automatically deleted.

C. Contact Form Data (Only If You Contact Us)

If you use our contact form:

  • Email address (required to respond to you)
  • Name (optional)
  • Message content (what you write to us)
  • Timestamp of submission

This information is stored only as long as necessary to respond to your inquiry, typically 30-90 days, then deleted unless ongoing correspondence is required.

2. How We Use Your Information

The minimal data we collect is used exclusively for the following purposes:

Service Improvement

  • Understanding which features are most valuable to users
  • Identifying technical issues or performance bottlenecks
  • Optimizing page load times and user experience
  • Deciding which new features to prioritize

Security and Abuse Prevention

  • Detecting and blocking malicious traffic (DDoS attacks, bots)
  • Identifying and preventing spam or abuse
  • Ensuring fair usage of our free services
  • Complying with legal requirements if necessary

Communication (Only If You Contact Us)

  • Responding to support requests and questions
  • Addressing bug reports or feature requests
  • Following up on feedback you provide

We will NEVER:

  • ❌ Sell your data to third parties
  • ❌ Use your data for advertising targeting
  • ❌ Share your information with data brokers
  • ❌ Send you marketing emails (we don't have your email unless you contact us)
  • ❌ Track you across other websites

3. Password Generation Security & Privacy

This is the most important section. Here's exactly how our password generator protects your privacy:

🔐 Complete Client-Side Processing

When you generate a password on DynamicPassGen, here's what happens:

  1. 1. You click "Generate" - Your browser receives the request
  2. 2. Web Crypto API activates - Your browser's built-in crypto.getRandomValues() function executes
  3. 3. Password is created locally - Using your device's hardware entropy, a cryptographically secure password is generated
  4. 4. Display in your browser - The password appears on your screen
  5. 5. Optional: Copy to clipboard - If you click "Copy," it's added to your clipboard

At NO point in this process does the password leave your device or get sent to our servers.

Proof: Verify It Yourself

Don't just trust our word. You can verify our privacy claims:

  1. Open your browser's Developer Tools (F12 or right-click → Inspect)
  2. Go to the Network tab
  3. Generate a password on our site
  4. Watch the network requests - You'll see ZERO network activity when generating passwords

Complete transparency is part of our commitment to you. If you find ANY evidence of passwords being transmitted, please contact us immediately.

Session History Feature

Our interface shows your last 5 generated passwords for convenience during your session. This history:

  • ✓ Is stored ONLY in your browser's memory (JavaScript variable)
  • ✓ Is never written to cookies or local storage
  • ✓ Is automatically cleared when you close the tab/window
  • ✓ Can be manually cleared with the "Clear History" button
  • ✓ Never leaves your device

4. Cookies and Tracking Technologies

We use minimal cookies and tracking technologies. Here's a complete breakdown:

Cookie NamePurposeDurationType
_gaGoogle Analytics - distinguishes users2 yearsAnalytics
_ga_*Google Analytics - session data2 yearsAnalytics
theme_preferenceRemembers dark/light mode choice1 yearFunctional

How to Control Cookies

You have full control over cookies:

  • Browser settings: Block or delete cookies in your browser preferences
  • Google Analytics opt-out: Use the Google Analytics Opt-out Browser Add-on
  • Do Not Track: We respect Do Not Track (DNT) browser signals

Note: Blocking cookies won't affect password generation (which requires no cookies), but may affect analytics and theme preferences.

5. Third-Party Services

We use a small number of third-party services. Here's complete transparency:

Google Analytics 4

Purpose: Website analytics and usage statistics

Data shared: Anonymized page views, device type, location (country/city)

Privacy measures:

  • ✓ IP anonymization enabled
  • ✓ Advertising features disabled
  • ✓ Data retention set to 14 months (minimum allowed)
  • ✓ User-ID tracking disabled

Privacy policy: Google Privacy Policy

Google AdSense (Optional Advertising)

Purpose: Display contextual advertisements to fund free services

Data shared: Page URL, device type, approximate location

Your choices:

  • ✓ Use an ad blocker - we don't restrict access
  • ✓ Opt out of personalized ads via Google Ad Settings
  • ✓ Ads never appear on password generation sections

Privacy policy: Google Ads Privacy

Content Delivery Network (CDN)

Provider: Hostinger / Cloudflare

Purpose: Fast, secure content delivery worldwide

Data processed: IP address (temporary), request metadata

Privacy benefit: Additional DDoS protection and encryption

Have I Been Pwned API (Breach Checker Tool)

Purpose: Check if passwords appear in known data breaches

Privacy protection: We use k-anonymity - only the first 5 characters of the SHA-1 hash are sent

Data shared: First 5 characters of hashed password (NOT the actual password)

Your actual password never leaves your browser and is never sent to any server when using our breach checker.

Learn more: HIBP Privacy Policy

6. Data Retention and Deletion

We practice data minimization and retention limits:

Data TypeRetention PeriodDeletion Method
Generated passwordsNEVER storedN/A - never collected
Server logs7 daysAutomatic deletion
Google Analytics data14 monthsAutomatic expiration (Google's system)
Contact form submissions30-90 daysManual deletion after resolution
Session history (last 5 passwords)Until tab closedAutomatic (browser memory only)

You can request deletion of any data we hold by contacting us. Since we collect minimal data and don't use accounts, there's typically nothing to delete.

7. Your Privacy Rights (GDPR, CCPA, PIPEDA)

Depending on your location, you have certain privacy rights. We respect all of them globally, regardless of where you live.

Your Rights Include:

🔍 Right to Access

Request a copy of any personal data we hold about you. Since we don't collect personal data for password generation, there's typically nothing to access.

✏️ Right to Correction

Request correction of inaccurate data. Contact us if you believe we have incorrect information.

🗑️ Right to Deletion ("Right to be Forgotten")

Request deletion of your data. We'll comply within 30 days unless legally required to retain it.

⛔ Right to Opt-Out

Opt out of data collection (analytics). Use browser settings, ad blockers, or DNT signals.

📤 Right to Data Portability

Receive your data in a machine-readable format. Applicable if we ever store user accounts (currently we don't).

🚫 Right to Object

Object to processing of your data for specific purposes. We only use data for essential operations.

How to Exercise Your Rights

To exercise any privacy right:

  1. Contact us via our contact form
  2. Include your request details and proof of identity (if necessary)
  3. We'll respond within 30 days with confirmation or explanation

No fees: Exercising your privacy rights is always free.

Regulatory Authorities

You have the right to lodge a complaint with your local data protection authority:

8. Children's Privacy (COPPA Compliance)

DynamicPassGen is safe for all ages. Our service:

  • ✓ Does not knowingly collect personal information from children under 13
  • ✓ Does not require account registration (no age verification needed)
  • ✓ Does not use targeted advertising based on user profiles
  • ✓ Provides educational content about password security

Since password generation is 100% client-side with zero data collection, there are no COPPA concerns. Parents can safely allow children to use our password generator for school accounts, games, or other online services.

Educational Use: Teachers and parents are welcome to use DynamicPassGen as an educational tool to teach children about password security and online safety.

9. Changes to This Privacy Policy

We may update this privacy policy occasionally to reflect:

  • Changes in our services or features
  • Updates to legal requirements
  • Improvements to our privacy practices
  • User feedback and suggestions

How We'll Notify You

For significant changes, we will:

  • ✓ Update the "Last Updated" date at the top of this page
  • ✓ Display a prominent notice on our homepage for 30 days
  • ✓ Highlight the specific changes made

Your continued use of DynamicPassGen after changes constitutes acceptance of the updated policy. If you disagree with changes, please stop using our service.

Version History: Previous versions of our privacy policy are available upon request.

10. Contact Us About Privacy

We take your privacy seriously. If you have questions, concerns, or requests related to this privacy policy or our data practices:

Get in Touch

Email: privacy@dynamicpassgen.com

Contact Form: Submit a privacy request

Response Time: We aim to respond within 48 hours for privacy inquiries

For general support or questions about how to use our tools, please visit our security guides or contact page.

Privacy-First Password Security

Your passwords never leave your device. Your privacy is guaranteed, not promised.

Generate Secure Password Now →