Privacy Policy

1. Introduction

KeyFlair ("we", "our", "the extension") is a password manager Chrome extension developed by brlabs.dev. We are committed to protecting your privacy. This policy explains what data KeyFlair handles, how it is stored, and your rights regarding that data.

2. Data We Collect

KeyFlair does not collect, transmit, or store any personal data on external servers. All data processing happens locally on your device.

The following data is stored locally in your browser using the Chrome Storage API:

• Encrypted vault data — Your saved credentials (usernames, passwords, URLs, notes) are encrypted with AES-256-GCM using a key derived from your master password via PBKDF2.
• Vault metadata — Non-sensitive information such as entry count, creation date, and last update timestamp.
• Extension settings — Your preferences such as auto-lock timeout and autofill settings, stored within the encrypted vault.
• License/trial status — Whether you have a PRO license or are using the free trial, and the associated license key if activated.

3. Authentication Data

KeyFlair stores login credentials (usernames and passwords) that you explicitly save to your vault. This data is:

• Encrypted locally using AES-256-GCM before being written to storage
• Only decryptable with your master password
• Never transmitted to our servers in any form
• Automatically locked after a configurable timeout period

4. Website Content Access

KeyFlair's content script runs on web pages to detect login forms (password and username input fields) and provide autofill functionality. The extension:

• Scans for password and username input fields on the current page
• Fills credentials only when you explicitly select an entry
• Does not read, collect, or transmit any other page content
• Does not track your browsing history or web activity

5. Google Drive Sync (Optional)

If you choose to enable Google Drive sync, the extension will:

• Request access to your Google account via OAuth2 (using the identity permission)
• Upload your encrypted vault file to your personal Google Drive
• Use the drive.file scope, which only allows access to files created by KeyFlair
• Never access any other files on your Google Drive

6. Data We Do NOT Collect

KeyFlair does not collect or process:

• Personally identifiable information (name, email, address, age)
• Browsing history or web activity
• Health or financial information
• Location data
• Analytics, telemetry, or usage statistics
• Keystroke logging or mouse tracking data

7. Third-Party Data Sharing

We do not sell, transfer, or share any user data with third parties. Your data is never used for:

• Advertising or marketing purposes
• Determining creditworthiness or lending purposes
• Any purpose unrelated to the core functionality of the password manager

8. Data Security

KeyFlair uses industry-standard encryption to protect your data:

• AES-256-GCM for vault encryption
• PBKDF2 with a high iteration count for key derivation from your master password
• Cryptographically random salts generated for each vault
• Session-based key storage — the decryption key is cleared from memory when the vault is locked or the browser is closed

9. Your Rights

Since all data is stored locally on your device, you have full control over it at all times:

• Access — View all your stored data through the Vault Manager
• Export — Export your vault in JSON or CSV format at any time
• Delete — Remove individual entries or uninstall the extension to delete all data
• Portability — Import/export is compatible with KeePass and other password managers

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be reflected on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

11. Contact

If you have questions about this Privacy Policy or KeyFlair's data practices, please contact us at:

• Website: brlabs.dev