Privacy Policy

1.Who we are

MaxPassword is provided by MaxTadi. If you have any questions about this policy or your data, contact us at krishna.tadi@gmail.com.

2.The short version

• We do not operate accounts, servers, or databases that hold your passwords.
• Your vault is end‑to‑end encrypted on your device before it is stored or synced.
• If you enable sync, your encrypted vault is stored in your own Google Drive, in a hidden app‑only folder. We use the minimum Google permission required and nothing more.
• We never receive your master password, your encryption key, or your unencrypted data.
• We do not sell or share your data, show ads, or track you.

3.Information the app handles

Information you enter

The app stores the items you create — such as titles, usernames, passwords, notes, and any custom fields — together with a master password you choose. All of this is encrypted on your device. It is stored locally, and (if you enable sync) as an encrypted file in your Google Drive. It is never sent to us.

Information we do not collect

We do not collect analytics, usage statistics, advertising identifiers, location, contacts, or any personal profile. The app contains no third‑party tracking or advertising SDKs.

4.How we use Google user data

Google Drive sync is optional and only active if you choose to connect your Google account. When you do:

• Permission requested: only the https://www.googleapis.com/auth/drive.appdata scope. This grants access exclusively to a hidden, application‑specific folder that MaxPassword creates. It does not grant access to the other files, folders, or content in your Google Drive, and the app cannot read them.
• What we store there: a single encrypted vault file. Because it is encrypted with your master‑password‑derived key, it is unreadable to Google and to us.
• Why: solely to back up your vault and keep it in sync across your own devices.
• Sign‑in: we use Google's standard OAuth 2.0 sign‑in. Authentication tokens are stored securely in your device's Keychain and are used only to access your app‑data folder. We never see your Google password.

5.How your information is protected

• Encryption: vault contents are encrypted with AES‑256‑GCM (authenticated encryption).
• Key derivation: the encryption key is derived from your master password using PBKDF2‑HMAC‑SHA256 with 310,000 iterations and a random salt. The master password is never stored.
• On‑device storage: the encrypted file is protected by the operating system, and biometric unlock keys are held in the device Keychain behind Face ID / Touch ID.
• In transit: all communication with Google uses encrypted HTTPS connections.

No method of storage or transmission is 100% secure, but because your data is encrypted before it leaves your device, a compromise of Google Drive or of us would not expose your passwords.

6.Sharing and disclosure

We do not sell, rent, or share your information. The only third party involved is Google, which stores your already‑encrypted vault on your behalf as your chosen storage provider, governed by Google's Privacy Policy.

7.Data retention and your choices

• Delete your vault: you can erase the local vault from within the app at any time.
• Remove the synced copy: delete the MaxPassword app‑data folder from your Google Drive, or delete the file from within the app.
• Revoke access: you can disconnect MaxPassword from your Google Account at any time via Google Account → Security → Third‑party access.

We retain none of your data ourselves, so there is nothing for us to delete on a server.

8.Children's privacy

MaxPassword is not directed to children under 13 (or the minimum age required in your country), and we do not knowingly collect information from them.

9.Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the “Last updated” date above and, where appropriate, within the app.

10.Contact us

Questions or requests about this policy or your data: krishna.tadi@gmail.com.