Prevent Pwned Passwords is designed to help keep you safe while browsing the web by ensuring you don’t use a password that is known to have been part of a data breach.
Accordingly, we’re very careful with your data. Whenever we check to see if a password has been involved in a past breach, we take the following measures:
* The password is hashed before we begin working with it at all. (Hashing is a one-way encryption method.)
* No password is ever sent in plain text.
* The hash is sent securely over HTTPS to Have I Been Pwned, the service which checks for breaches.
* No additional identifying data is sent with the hash. This means that any other data, such as any username you enter or even the site that you’re entering the password on, is not sent.
* We do not persistently store any data you enter, including any passwords or hashes.
* The only data we store is a list of domains that you have chosen to whitelist.
* We do not store or collect any contact information, and will not (and can not) contact you.
* You can uninstall the extension at any point to stop the transmission of hashes to Have I Been Pwned.