Privacy Policy

Last Updated: November 18, 2025

Overview

We DO NOT collect any data. Ever.

Mova Pass is a completely client-side application built with privacy as the core principle. All passwords and passphrases are generated locally in your browser and are never transmitted over the network, stored on our servers, or tracked in any way.

What We DON'T Collect
  • Passwords or generated passphrases
  • User accounts or email addresses
  • IP addresses or location information
  • Usage analytics or telemetry
  • Device fingerprints or tracking cookies
  • Any personal data whatsoever
What We Store Locally
In your browser (localStorage) — under your control
  • Theme PreferenceYour choice of light/dark mode (theme)
  • Language PreferenceYour choice of Ukrainian/English (locale)
  • No PasswordsPasswords are never stored, even locally

You can clear these settings at any time by clearing site data in your browser settings.

How It Works

1. Client-Side Only Generation

All passwords and passphrases are generated locally in your browser using the Web Crypto API (crypto.getRandomValues()). The generation code is JavaScript function that runs exclusively on your device.

2. No Network Requests

No network requests are made during password generation. You can verify this by opening your browser's Developer Tools (Network tab) — you won't see any requests during generation.

3. Open Source

All code is open source and available on GitHub for audit. You can review every line of code to verify we keep our privacy promises.

GDPR Compliance

Mova Pass is fully compliant with the General Data Protection Regulation (GDPR) and other privacy laws because we:

  • Do not collect any personal data
  • Do not process any user-identifying information
  • Do not use tracking cookies
  • Give users full control over their settings

Since we collect no data, there is no data to request, export, or delete.

Security

We implement numerous security measures to protect your privacy:

  • Cryptographically secure random number generation (Web Crypto API)
  • Strict Content Security Policy (CSP) headers
  • HTTPS by default with HSTS (HTTP Strict Transport Security)
  • No third-party scripts or tracking
  • Regular security audits
Changes to This Policy

If we make changes to this privacy policy, we will update the "Last Updated" date at the top of this page. Since we don't collect contact information, we cannot notify you directly of changes. We encourage you to review this page periodically.

Contact

If you have questions about this privacy policy or Mova Pass's privacy practices, you can:

  • Open an issue on GitHub
  • Review the source code for complete transparency
Back to Generator