Privacy Policy
At Random Password Generator, your privacy is our top priority. This policy explains how we handle your data (spoiler: we don't collect any).
Last updated: January 2025
Data Collection
What We Collect
Nothing.
We do not collect, store, log, or transmit any passwords you generate. All password generation happens entirely in your browser using JavaScript. No data is sent to our servers or any third-party services (except as noted below for optional features).
What We Don't Collect
- Passwords you generate
- Personal information (name, email, etc.)
- Browser fingerprints
Client-Side Processing
All password generation, encryption, and processing occurs entirely within your web browser. Your passwords never leave your device. We cannot see, access, or recover passwords you generate.
The website uses JavaScript running in your browser to:
- Generate random passwords using cryptographically secure methods
- Calculate password strength
- Create QR codes locally
- Export data to CSV/XLSX files on your device
Third-Party Services
Have I Been Pwned API (Optional)
When you use the "Check Breach" feature, your browser sends a request to the Have I Been Pwned API. To protect your privacy, we use k-anonymity:
- Your password is hashed locally using SHA-1
- Only the first 5 characters of the hash are sent to the API
- The API returns all breached passwords matching that prefix
- Your browser checks locally if your password is in that list
- Your actual password is NEVER transmitted
This feature is completely optional. You can use all other features without ever making external requests.
Google Sheets Export (Optional)
When you use the "Export to Google Sheets" feature, we provide instructions to copy your passwords and manually paste them into Google Sheets. This happens entirely on your device. We do not integrate with Google's APIs or send data to Google on your behalf.
CDN Services
We use Content Delivery Networks (CDNs) to load libraries like Bootstrap and QRCode.js. These are standard web technologies and do not track or collect your personal information beyond standard web server logs (IP address, browser type) that we do not have access to.
Local Storage
We use your browser's localStorage to remember your dark mode preference. This data:
- Never leaves your device
- Is not accessible to us
- Can be cleared by clearing your browser data
- Does not contain any sensitive information
Note: We do NOT implement the "password history" feature to avoid storing passwords locally, even encrypted.
Cookies
We use cookies for the following purposes:
- Session cookies: Required for basic website functionality (e.g., maintaining your session while navigating between pages)
- Analytics cookies: Google Analytics cookies to understand how visitors use our website (see Analytics section below)
We do not use third-party advertising cookies.
Analytics and Tracking
Google Analytics
We use Google Analytics to understand how visitors use our website. Google Analytics collects information such as:
- Pages you visit and time spent on each page
- How you arrived at our website (referrer)
- General location (country, city) based on IP address
- Browser type, device type, and screen resolution
- Interactions with page elements
Important: Google Analytics does NOT have access to the passwords you generate. All password generation happens in your browser and is never transmitted to Google or our servers.
Google Analytics uses cookies to track your visit. For more information about how Google uses data collected through our use of Google Analytics, please visit How Google uses information from sites or apps that use our services.
What We Do NOT Track
We do not use Facebook Pixel or other social media tracking pixels. We do not track individual passwords or any sensitive information you generate on this site.
Data Security
Since we don't collect or store any of your data, there's no data for us to lose in a security breach. Your generated passwords exist only:
- In your browser's memory while the page is open
- In your clipboard when you copy them
- In files you download (CSV, XLSX) on your device
We recommend:
- Using HTTPS (which we enforce) to protect data in transit
- Closing browser tabs after generating passwords
- Storing downloaded files securely
- Using a password manager to store generated passwords
Your Rights
Since we don't collect any personal data, there is no data to:
- Request access to
- Request deletion of
- Request portability of
- Object to processing of
You have complete control over any data generated by this tool since it never leaves your device.
Children's Privacy
This service is available to users of all ages. Since we don't collect any personal information, there is no risk to children's privacy. We do not knowingly collect information from anyone, including children under 13.
Open Source
Our code is transparent and can be audited. You can inspect the source code to verify that we don't collect or transmit passwords. We encourage security researchers to review our code.
Changes to This Policy
If we ever change how we handle data (which would require a fundamental redesign of our tool), we will update this policy and notify users prominently on the website. However, our commitment to client-side-only password generation will not change.
GDPR Compliance
Since we don't collect, process, or store personal data, most GDPR requirements don't apply to our service. However, we are committed to privacy principles:
- Data minimization: We collect zero data
- Purpose limitation: No data means no purposes
- Storage limitation: No storage of personal data
- Transparency: This policy clearly explains our practices
Contact
If you have questions about this privacy policy or our data practices, please contact us.
Website: https://www.random-password.co.uk
Summary
Your Privacy is Protected
Bottom line: All passwords are generated in your browser. Nothing is sent to our servers. We use Google Analytics to understand website usage, but we can't see your passwords. Your passwords never leave your device.