AddrPass
Get started free

Legal

Privacy Policy

Last updated: March 26, 2026

Who we are

AddrPass is operated by Omelas (“we”, “us”, “our”). Our infrastructure is hosted in Germany (EU). We are committed to protecting your privacy and handling your data transparently.

What data we collect

  • Account information: Email address and hashed password when you register.
  • Addresses: The addresses you choose to store in your vault. These are stored encrypted at rest.
  • Access logs: IP address, user agent, and timestamp when someone resolves one of your share links. This is shown to you in your dashboard so you can monitor access.
  • Usage data: Monthly resolution counts for billing purposes (paid plans only).

What data we do NOT collect

  • We do not use cookies for tracking or advertising.
  • We do not use analytics services (no Google Analytics, no trackers).
  • We do not sell, rent, or share your personal data with third parties.
  • We do not use your data for advertising or profiling.

How we use your data

  • Authentication: Your email and password are used to sign you in.
  • Address sharing: When you create a share link, the recipient can view the address fields you authorized. You control the scope, expiration, and access limits.
  • Access monitoring: Access logs are collected so you can see who accessed your address and when.
  • Billing: Resolution counts are tracked to enforce plan limits and calculate usage-based billing.

Browser extension

The AddrPass browser extension:

  • Stores your authentication token and cached addresses locally in your browser using chrome.storage.local.
  • Communicates only with api.addrpass.com to authenticate, fetch addresses, and create share links.
  • Detects address form fields on web pages using HTML attributes (autocomplete, name, id, placeholder). It does not read or transmit page content.
  • Does not use remote code. All scripts are bundled locally in the extension package.
  • Does not collect browsing history, analytics, or telemetry.

Data storage and security

  • All data is stored on servers in Germany (EU).
  • All connections use TLS encryption (HTTPS).
  • Passwords are hashed with bcrypt before storage.
  • Share tokens are generated using 144-bit CSPRNG and are not reversible.
  • API keys are stored as bcrypt hashes; the plaintext is shown only once at creation.

Your rights

Under GDPR and applicable data protection laws, you have the right to:

  • Access: View all data we hold about you (visible in your dashboard).
  • Rectification: Update your addresses and account information at any time.
  • Deletion: Delete your account and all associated data.
  • Portability: Export your data via the API.
  • Revocation: Revoke any share link instantly, cutting off access.

Self-hosted instances

If you self-host AddrPass, your data never touches our servers. You are responsible for your own data storage, backups, and compliance. This privacy policy applies only to the cloud service at addrpass.com.

Third-party services

  • Cloudflare: DNS and static site hosting for addrpass.com. Cloudflare may process request metadata (IP, headers) per their privacy policy.
  • Stripe: Payment processing for paid plans. We do not store credit card information; Stripe handles this directly.

Changes to this policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. For significant changes, we will notify registered users by email.

Contact

For privacy questions or data requests, open an issue on GitHub or email us at privacy@addrpass.com.