Passo

Privacy Policy

Effective date: April 3, 2026

This Privacy Policy explains how Passo, the password manager app for iPhone, iPad, Mac, Autofill extensions, and related browser extensions, handles your information.

In short: Passo is designed so your password manager data is stored encrypted on your device and, if you enable sync, uploaded to your private iCloud account in encrypted form. We do not use your password manager contents for advertising, and we do not intentionally collect the master password you use to unlock your password manager.

1. Information We Process

Depending on how you use Passo, the app may process the following categories of information:

Password Manager data you create or import: such as logins, passwords, passkeys, payment cards, secure notes, identification data, tags, linked items, attached website domains, and custom icons.
Security and app state data: encrypted password manager files, sync state, local preferences, subscription status, and extension connection state.
Diagnostic information: crash reports, error logs, and limited technical diagnostics used to detect and fix reliability issues.
Website-related data: domain names or URLs you save in items may be used to fetch site icons or support autofill matching.
Purchase information: if you buy Passo Pro, Apple processes the transaction. We may learn whether your subscription is active, but we do not receive your full payment card details from Apple.

2. How Passo Stores and Protects Password Manager Data

Passo is built as a security-focused password manager. Password Manager data is encrypted locally before it is stored. When optional iCloud sync is enabled, password manager items are encrypted on-device before they are uploaded to CloudKit.

Passo is designed with a zero-knowledge architecture for synced password manager content. Your master password is used locally to unlock your password manager and is not intentionally uploaded to our servers in plain text.

No security system is perfect, and we cannot guarantee absolute security. But we design Passo to minimize access to readable password manager content and to keep sensitive data encrypted wherever reasonably possible.

3. How We Use Information

To create, unlock, display, edit, organize, import, export, and delete password manager items.
To provide Autofill, passkey, browser extension, and local app communication features.
To synchronize encrypted password manager data across your devices when you enable iCloud sync.
To show website icons or other visual context related to saved items.
To manage subscriptions and restore purchases through Apple's systems.
To diagnose crashes, investigate bugs, prevent abuse, and improve app stability.
To comply with applicable law and enforce our legal rights when necessary.

4. Sync, Network Requests, and Third Parties

Passo may interact with the following third-party services or platform providers:

Apple iCloud / CloudKit: if you enable sync, encrypted password manager data is stored in your private iCloud database associated with your Apple account.
Apple StoreKit / App Store: used for subscriptions, purchase validation, and restoring purchases.
Sentry: used for crash reporting and diagnostics in the native apps. Passo configures Sentry with default personally identifiable information collection disabled.
Website icon providers or site requests: when Passo fetches favicons or site icons based on a saved URL or domain, that request may reveal the related domain to the destination service.

Browser extensions and Autofill extensions also process credential-related data locally to provide filling, saving, and passkey flows. Those features may exchange data with the Passo app on your device so the extension can access your unlocked password manager.

5. Analytics and Diagnostics

Passo does not use your password manager contents for advertising. We may collect technical diagnostics, crash information, error messages, and limited usage-related events to understand failures and improve reliability.

Diagnostic data may include device type, operating system version, app version, timestamps, and error context. It should not intentionally include your master password, and Passo disables Sentry's default PII collection setting.

6. Data Retention

Local Library data: remains on your device until you delete it, remove the app, or clear app data.
Synced password manager data: remains in your iCloud account until it is removed through sync, account deletion, or iCloud data management actions under your control.
Diagnostic data: may be retained for as long as reasonably necessary to investigate incidents, maintain service quality, and satisfy legal obligations.

7. International Processing

Depending on the providers involved, diagnostic or infrastructure data may be processed in countries other than the one where you live. For example, Apple and Sentry may process data through their own regional infrastructure. Where we rely on third-party providers, their handling of data is also governed by their own privacy terms.

8. Children's Privacy

Passo is not directed to children under 13, and we do not knowingly collect personal information from children under 13 through the app. If you believe a child has provided personal information to us, contact us and we will review the issue.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date above. Your continued use of Passo after the updated policy becomes effective means the new policy will apply going forward.

10. Contact

If you have questions about this Privacy Policy or Passo's privacy practices, contact:

Email: passo@sent.as
Website: https://kukushi.github.io/app/passo/privacy-policy