Aegis Password Manager - Privacy Policy
Last Updated: December 25, 2025
1. Introduction
Aegis is a secure password manager that prioritizes your privacy. This privacy policy explains
how we collect, use, and protect your information.
2. Information We Collect
When you use Aegis, we collect the following information:
- Account Information: Username, email address, and encrypted authentication credentials
- Encrypted Vault Data: Your passwords, notes, and other secrets stored in encrypted form
- Authentication Tokens: JSON Web Tokens (JWTs) for session management
3. Google Sign-In
If you choose to sign in with Google:
- We only receive your email address and basic profile information
- We do NOT store your Google password or access your Google account data
- Your email is used solely to identify and authenticate your Aegis account
- You can disconnect Google Sign-In at any time from your account settings
4. How We Use Your Information
We use your information to:
- Provide and maintain the password management service
- Authenticate your access to your vault
- Sync your encrypted vault across devices
- Communicate important service updates
5. Data Encryption and Security
- Master Password: Your master password is NEVER sent to our servers. It exists only locally on your device, where it is used to encrypt and decrypt your vault.
- End-to-End Encryption: All vault data is encrypted using AES-256 before being stored
- Zero-Knowledge Architecture: We cannot access your decrypted vault contents
- Secure Transport: All data transmission uses HTTPS/TLS encryption
6. Data Storage and Retention
- Your encrypted vault data is stored on our secure servers
- Data is retained as long as your account is active
- You can delete your account and all associated data at any time
- Upon account deletion, all data is permanently removed within 30 days
7. Data Sharing
We DO NOT:
- Sell your personal information to third parties
- Share your vault contents with anyone
- Use your data for advertising purposes
- Provide your information to third parties except as required by law
8. Third-Party Services
Aegis uses the following third-party services:
- Google OAuth: For optional Google Sign-In authentication (governed by Google's Privacy Policy)
- Hosting Provider: For secure server infrastructure
9. Your Rights
You have the right to:
- Access your account information
- Update or correct your information
- Delete your account and all associated data
- Export your vault data
- Opt out of non-essential communications
10. Chrome Extension Permissions
The Aegis Chrome extension requests the following permissions:
- storage: To store encrypted authentication tokens locally
- identity: To enable Google Sign-In functionality (optional)
We do NOT access your browsing history, other websites, or any data outside of the extension.
11. Children's Privacy
Aegis is not intended for users under the age of 13. We do not knowingly collect
personal information from children under 13.
12. Changes to This Policy
We may update this privacy policy from time to time. We will notify users of any
material changes by updating the "Last Updated" date and, where appropriate,
providing additional notice.
13. International Users
Your information may be stored and processed in any country where we operate.
By using Aegis, you consent to the transfer of information to countries outside
of your country of residence.