Password Hero is a local-first password manager for macOS, iOS, and Chrome. This policy explains what data Password Hero handles, how it is used, and when it is shared.
Data Password Hero Handles
Password Hero may handle the following data only to provide password manager functionality:
- Vault data you enter, such as login titles, usernames, passwords, website URLs, notes, one-time password secrets, credit card fields, tags, favorites, and custom fields.
- Security settings, trial or purchase entitlement state, vault metadata, and app preferences.
- Website information needed for autofill, such as the current page URL, page title, visible form field labels, field types, and form metadata.
- Generated passwords and one-time password codes when you request them.
- Basic diagnostic information written locally by the macOS Chrome native messaging host to help troubleshoot connection failures.
How Data Is Used
Password Hero uses this data to:
- Create, encrypt, decrypt, display, search, audit, import, sync, fill, save, and update your password vault items.
- Match saved logins to websites and fill credentials in Chrome, Safari, iOS apps, and supported system autofill surfaces.
- Generate secure passwords and one-time password codes.
- Unlock the app and extensions using your master password or device biometrics.
- Sync encrypted vault data through Apple iCloud when iCloud sync is enabled.
- Verify local purchase or trial access through Apple platform services.
Storage and Encryption
Vault contents are encrypted on device using AES-256-GCM before they are stored. Your master password is not stored by Password Hero. Authentication material and salts are stored in Apple Keychain. When iCloud sync is enabled, encrypted vault data may sync through Apple iCloud under your Apple account.
Chrome Extension Data
The Chrome extension runs on web pages so it can detect login, password, and verification-code fields. It sends the current page URL and form metadata to the local Password Hero native messaging host on your Mac to find matching logins. When you choose to fill an item, the native host returns the selected credential to the extension so it can fill the page.
The Chrome extension does not send your browsing activity, page content, credentials, or form metadata to Password Hero servers. Password Hero does not use remote hosted code in the Chrome extension.
Sharing
Password Hero shares data only as needed to provide the product:
- Apple may process encrypted iCloud sync data, Keychain data, biometric prompts, StoreKit purchase state, and crash or platform diagnostics according to your Apple settings and Apple's privacy terms.
- Chrome receives extension package code and browser API interactions required for the extension to run.
- Password Hero may disclose information if required by law or to protect users from fraud, abuse, or security threats.
Password Hero does not sell user data, transfer user data to advertising platforms or data brokers, or use user data to determine creditworthiness.
Chrome Web Store Limited Use
Password Hero's use and transfer of information received from Chrome extension APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements.
Retention and Deletion
Your vault data remains on your devices and, if enabled, in your iCloud account until you delete it. You can delete vault items in Password Hero. You can remove local app data by deleting Password Hero data from your device, and you can manage iCloud data through Apple's iCloud settings.
Children
Password Hero is not directed to children under 13, and Password Hero does not knowingly collect personal information from children.
Changes
This policy may be updated as Password Hero changes. The latest version will be posted on this page with the updated date.
Contact
For privacy or support questions, contact Mandark Labs through the support channel listed on the Password Hero website or App Store listing.