Home Strength Checker Password Generator About How It Works Blog Contact Tools
🔒 Privacy Policy

Your privacy, in plain English

We wrote this policy to actually be readable. No legal jargon, no dark patterns. Here's exactly what we collect and what we don't.

🚫

Zero Password Data

We never see, store, or transmit any password you type. Full stop.

🌐

Client-Side Only

All analysis runs in your browser. No server receives your input.

📊

Analytics & Ads

We use Google Analytics and AdSense. Neither ever sees your passwords.

Table of Contents

  1. 1. Overview
  2. 2. What We Don't Collect
  3. 3. What We Do Collect
  4. 4. Cookies & Local Storage
  5. 5. Third-Party Services
  6. 6. Contact Form Data
  7. 7. Your Rights
  8. 8. Children's Privacy
  9. 9. Changes to This Policy
  10. 10. Contact Us
Effective Date: January 1, 2025  ·  Last Updated: May 4, 2025

1. Overview

PasswordStrength.net ("we", "us", "our") operates a free password security tool available at passwordstrength.net. This Privacy Policy explains how we handle information when you use our website.

The short version: we built this tool to be private by design. The core functionality — password analysis and generation — runs entirely in your browser using JavaScript. Your passwords are never sent to any server, never logged, and never stored.

🔒 The most important thing to know: PasswordStrength.net has no server-side component that processes passwords. The zxcvbn library runs locally in your browser tab. You could disconnect from the internet after the page loads and the tool would still work.

2. What We Don't Collect

To be completely explicit, we do not collect, transmit, store, or process:

  • Any password you enter into the strength checker
  • Any password generated by the password generator
  • Keystroke data or timing data from the password input
  • Any form of behavioral tracking tied to specific users
  • Your name, email, or any personally identifying information unless you contact us
  • Location data beyond country-level (from analytics)
  • Device fingerprints or cross-site tracking identifiers

3. What We Do Collect

We use privacy-respecting, aggregated analytics to understand how many people use the site and which pages are most visited. This data is:

  • Aggregated — we see counts, not individual user journeys
  • Non-identifying — we cannot trace any statistic to a specific person
  • Not shared — we do not sell or share analytics with third parties for advertising

Our server logs may also temporarily store standard HTTP request data (IP address, browser, timestamp) for security and abuse prevention purposes. These logs are automatically purged after 7 days and are never used for profiling.

4. Cookies & Local Storage

We do not set any persistent tracking cookies. The only browser storage we use:

  • Session state — which tab you're on (checker vs. generator). This is discarded when you close the tab.
  • Password history — the "Recent Passwords" feature stores generated passwords in your browser's sessionStorage. This is local to your browser, never transmitted to us, and is erased when you close the tab.

Note on third-party fonts: We load fonts from Google Fonts (fonts.googleapis.com). Google may receive a request log entry from your browser. If this concerns you, you can block fonts via your browser or a content blocker — the site functions without them.

Analytics and advertising cookies: Google Analytics sets cookies (such as _ga, _gid) to distinguish users and track sessions. Google AdSense sets cookies to deliver and measure advertisements. These cookies persist for up to 2 years. You can manage or delete them via your browser settings or opt out using the links in Section 5.

5. Third-Party Services

We use the following third-party services. None of these receive your passwords:

  • Google Fonts — for typography (DM Sans, DM Mono). Loaded from fonts.googleapis.com. Subject to Google's Privacy Policy.
  • zxcvbn (Cloudflare CDN) — the password analysis library is loaded from cdnjs.cloudflare.com. Cloudflare may log the request. The library runs entirely client-side after download.
  • Google Analytics — we use Google Analytics to understand aggregate site usage (pages visited, session duration, general geography). Google Analytics sets cookies and may collect your IP address. Data is processed by Google under their Privacy Policy. We have enabled IP anonymisation. You can opt out via the Google Analytics Opt-out Browser Add-on.
  • Google AdSense — we display advertisements served by Google AdSense. Google may use cookies and device identifiers to show you personalised ads based on your interests and browsing behaviour. You can manage ad personalisation at Google Ad Settings. For more information see Google's advertising policies.

Note: Neither Google Analytics nor Google AdSense ever receives any password you type. All password analysis runs locally in your browser before these services load.

6. Contact Form Data

If you use our Contact page to send us a message, we collect:

  • Your name (as provided)
  • Your email address (as provided)
  • The content of your message

This data is used solely to respond to your enquiry. We do not add you to any mailing list without explicit opt-in, and we do not share your contact details with third parties. Contact data is retained for up to 12 months and then deleted.

7. Your Rights

Depending on your location, you may have rights regarding your personal data under GDPR, CCPA, or other applicable laws. These include the right to access, correct, or delete data we hold about you.

Since we collect essentially no personal data in normal site use, exercising these rights is straightforward. If you've contacted us and want your message deleted, email us at privacy@passwordstrength.net and we'll remove it within 5 business days.

8. Children's Privacy

PasswordStrength.net is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has submitted contact information to us, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this policy as our service evolves. If we make material changes that affect how we handle your data, we'll update the "Last Updated" date at the top of this page. Continued use of the site after changes constitutes acceptance of the updated policy.

We will never silently change our stance on password data privacy — if anything changes there, we will communicate it prominently on the site.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, you can reach us through our Contact page or by email at privacy@passwordstrength.net.

For security disclosures specifically, please use the subject line "Security Disclosure" and we'll treat it as priority.