Last updated: February 21, 2026
PasswordLock is an offline-first password manager. Your data never leaves your device. We do not collect, store, or transmit any personal information or usage data.
We do not collect any data. Specifically:
All data you create within PasswordLock — including passwords, notes, and account details — is stored exclusively on your device. Your data is encrypted using AES-256-GCM field-level encryption before being written to the local database.
Your master password is never stored directly. A cryptographic key is derived from it using PBKDF2-SHA256 with 600,000 iterations and used to encrypt and decrypt your vault.
PasswordLock uses the iOS Keychain to securely store encryption keys. The Keychain is a hardware-backed secure storage provided by Apple. These keys never leave the device's secure enclave.
If you enable Face ID or Touch ID, biometric data is handled entirely by iOS. PasswordLock never accesses, processes, or stores your biometric data. We only receive a success or failure response from the operating system.
The PasswordLock AutoFill extension uses an App Group container to share your encrypted vault between the main app and the extension. This data remains on-device and is never transmitted externally. The App Group identifier is group.com.sfmob.passwordmanager.
PasswordLock does not integrate with any third-party analytics, advertising, or data processing services. There are no SDKs that collect or transmit user data.
If you use the encrypted backup feature, backup files are created locally on your device. You control where these files are stored or shared. We have no access to your backups.
PasswordLock does not knowingly collect any information from anyone, including children under the age of 13.
If we update this privacy policy, we will post the revised version on this page with an updated date. Since we collect no data, changes are unlikely to affect your privacy.
If you have questions about this privacy policy, you can reach us at: