Privacy Policy

Last updated: January 2025

Zero Data Collection

Passthing collects zero data. We mean it.

  • No analytics
  • No telemetry
  • No crash reports
  • No usage tracking
  • No identifiers
  • No fingerprinting

We don't collect any data because we built Passthing on the principle that your passwords are your business, not ours.

What Stays on Your Device

Everything about Passthing stays on your device:

  • Device Secret: A random 256-bit secret generated once on your device, never transmitted anywhere
  • Enrollments: Your visual signatures (perceptual hashes and cryptographic hashes) stored locally
  • Settings: Your preferences, profiles, and configurations
  • Passwords: Never stored—generated on-demand and copied to clipboard only

This data never leaves your device unless you explicitly choose to back it up or sync it to another device you own.

No Cloud. No Servers. No Network.

Passthing works 100% offline, always. There are no servers to compromise, no cloud accounts to breach, no network connections to intercept.

The only time Passthing uses your network is when you explicitly initiate a device-to-device sync over local WiFi. Even then:

  • Data stays on your local network
  • Transfer is encrypted with a passphrase you create
  • Both devices verify a 6-digit code before connecting
  • No data goes to the internet

Camera and Photo Access

Passthing requires camera and photo library access to function, but:

  • Camera frames are processed locally and immediately discarded
  • Only the mathematical signature (perceptual hash or cryptographic hash) is saved
  • Your actual photos are never stored by Passthing
  • No images are ever transmitted anywhere

Biometric Authentication

If you use Face ID or Touch ID to protect Passthing:

  • Your biometric data stays in iOS Secure Enclave
  • Passthing never sees your biometric data
  • We only receive a yes/no authentication result from iOS

Third-Party Services

Passthing uses zero third-party services:

  • No analytics SDKs
  • No advertising frameworks
  • No crash reporting services
  • No social media integrations
  • No payment processors (one-time purchase via Apple)

Open Source

Don't take our word for it. Passthing's core cryptographic library (VisualKeyKit) is open source. You can verify that we do exactly what we say:

github.com/eacoleman/VisualKeyKit

Changes to This Policy

If we ever change this privacy policy (spoiler: we won't, because there's nothing to change), we'll update the "Last updated" date at the top of this page.

But realistically, any change to this policy would violate the core principle of Passthing: zero knowledge, zero data collection, zero compromise.

Contact

Questions about privacy? Email us at support@passthing.app