Passlock privacy
Your passwords stay on your Mac. The website measures the website.
Passlock is a local-first macOS password app. The marketing site, free tools, and checkout are separate from your vault — and we keep it that way.
Local password vault
Saved passwords stay in macOS Keychain on your Mac. The marketing site does not host or sync vault contents.
No secrets in the browser
Free tools generate plans, checklists, and reports from categories and counts. They are not designed to receive real passwords, recovery codes, or vault exports.
Site analytics, not vault data
PostHog measures page views, referral attribution, and checkout intent on this website. It does not see the saved-password vault on your device.
Hosted checkout boundary
Card details are entered on ReleaseFlow / Polar. Passlock does not store payment information on this site.
Data table
What we collect, why, and where it lives
Each surface has a different purpose. We list them so you know what is happening on the marketing site, in the free tools, at checkout, and in support — without conflating them with your local vault.
| Surface | Purpose | Examples | Where |
|---|---|---|---|
| Page analytics | Understand which marketing pages, free tools, and blog posts lead to checkout. | URL, referrer, device type, country, button clicks, page-view duration, exception traces. | PostHog (product analytics platform). Tied to anonymous device identifiers, not your Passlock vault. |
| Checkout intent + receipt | Hand off purchase to ReleaseFlow / Polar and confirm the order back to the site. | Product slug, surface, source path, attribution metadata, ReleaseFlow checkout URL, Polar order receipt. | ReleaseFlow + Polar (third-party checkout). They handle payment and receipt processing. |
| Free-tool inputs | Run the password / passkey / migration / breach checklists locally in your browser. | Categories, counts, checklist answers, deadlines. Output is generated and rendered in the browser. | Stays in the open browser tab. Closing or refreshing the page discards it. We do not upload tool inputs to a server. |
| Support email | Answer product, purchase, refund, and technical questions. | Your email address, message body, macOS version, Passlock version, attached non-secret screenshots. | Standard email inbox at hi@kitze.io. Do not include passwords, recovery codes, or vault exports in support email. |
What we never collect
The website and free tools are deliberately not designed to receive sensitive material. Even if you tried to paste it, the tools will treat the input as text and the output stays in your browser tab.
- Master passwords or saved passwords from your vault.
- Recovery keys, 2FA backup codes, security answers, or seed phrases.
- macOS Keychain exports, encrypted vault files, or private keys.
- Real account names — the free tools are designed for categories like "banking" or "work email" instead.
Your rights and choices
Access and deletion requests
Email hi@kitze.io with the email address used at checkout and what you would like to access, correct, or delete. Requests are handled manually.
Marketing communication
Lifecycle and product email, when sent, includes an unsubscribe link. You can also email hi@kitze.io to opt out.
Tracking preferences
Product analytics is implemented in-app via PostHog. Browser-level Do Not Track signals and ad-blockers are respected by the standard PostHog client behaviour.
Cookies and storage
The website uses standard analytics cookies and local browser storage (e.g. PostHog session identifiers). It does not write tracking cookies for ad networks.
Children
Passlock is not directed at children under 13. If you believe a child has provided personal information through the site or support inbox, email hi@kitze.io and we will delete it.
Changes to this page
Material changes will be summarised at the top of this page and announced in product updates. The "Last updated" date reflects the most recent revision.
Privacy or data request?
We answer them by hand at hi@kitze.io.
Include the email address you used at checkout and a short description of what you would like to access, correct, or delete. Do not include passwords or recovery codes.