Legal

Privacy Policy

Effective date: March 2, 2026

1. Introduction

NodeZero is a decentralized password manager distributed as a Chrome browser extension. This Privacy Policy describes what data is collected, how it is stored, and your rights regarding that data. NodeZero is designed from the ground up to minimize data collection — we cannot read, access, or recover your vault contents.

2. Zero-Knowledge Architecture

All vault entries (usernames, passwords, secure notes, card details, and identity information) are encrypted locally in your browser with field-level encryption before any data leaves your device. The encryption keys are derived from either a hardware-backed secret or a PIN that never leaves your device.

We cannot: decrypt your vault, read your passwords, recover your credentials, or access your mnemonic recovery phrase. If you lose both your device access and your recovery phrase, your vault is irrecoverable.

3. Data We Store

| Data | Location | Encrypted |
|---|---|---|
| Vault entries (credentials, notes, cards) | Local + Google Drive (encrypted) | Yes (field-level encryption) |
| Cryptographic identity key | Local browser storage | Yes (encrypted at rest) |
| WebAuthn credential ID | Local browser storage | Plaintext (non-secret) |
| Encrypted vault blob | Your Google Drive | Yes (fully encrypted) |

4. Data We Do NOT Collect

  • Emails, phone numbers, or names
  • Browsing history or visited URLs
  • IP addresses or geolocation data
  • Analytics or telemetry data
  • Cookies or tracking pixels
  • Plaintext passwords or vault contents

5. Extension Permissions

NodeZero requests only the minimum permissions necessary to function:

| Permission | Purpose |
|---|---|
| storage | Store encrypted vault and settings locally |
| contextMenus | Right-click menu for fill, generate, and save actions |
| idle | Auto-lock vault after 10 minutes of inactivity |
| activeTab | Fill credentials into the current active tab only |
| scripting | Inject form-filling code when you use fill/save features |

6. Cloud Sync

When you enable cross-device sync, your encrypted vault bundle is uploaded to your personal Google Drive via the Google Drive API. The bundle is encrypted before upload — Google cannot read its contents. You authorize access through standard OAuth and can revoke it at any time from your Google account settings.

Your vault file is stored in your own Google Drive storage. NodeZero does not operate any central storage server for vault data.

7. WebAuthn & Biometrics

NodeZero uses WebAuthn (FIDO2) for vault authentication. Biometric data (fingerprints, facial recognition) is processed entirely by your device's secure hardware and operating system. NodeZero never receives, stores, or transmits biometric templates. We only receive a cryptographic assertion confirming successful authentication.

8. Recovery Phrase

Your recovery phrase is generated locally, displayed once during onboarding, and immediately wiped from memory after you verify three words. It is never stored by NodeZero, transmitted over the network, or backed up to any server. You are solely responsible for securely storing your recovery phrase.

9. Third-Party Services

NodeZero uses the following third-party infrastructure:

  • Google Drive — stores your encrypted vault file in your own Google Drive. Google has no access to decrypted vault data. You can revoke access at any time.
  • Static hosting provider — hosts this website. No user data is processed.

We do not use Google Analytics, Facebook Pixel, or any other tracking services.

10. Children's Privacy

NodeZero is not intended for children under 13. We do not knowingly collect personal information from children. Since NodeZero does not collect personal information from any users, this is a minimal concern.

11. Data Deletion

Your local vault data can be deleted at any time by removing the NodeZero extension from Chrome. To delete your synced vault, remove the NodeZero file from your Google Drive. Since we have no user accounts and no central server, there is no account to delete.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Since NodeZero has no email or account system, we recommend checking this page periodically.

13. Contact

For questions about this Privacy Policy, email us at intothenode@gmail.com.