Privacy Policy
Effective Date: June 16, 2026
Last Updated: June 16, 2026
Our privacy philosophy
We believe you shouldn't have to choose between privacy and convenience. Most finance apps let you link your accounts for easy access, but in return, you hand over your data.
We built Passbook to give you a better choice. You get the convenience of an app without compromising your privacy.
Entity: Passbook Labs (referred to as “the Company”, “we”, “us”, or “our”)
Websites: passbook.family | view.passbook.family
By installing the Passbook Desktop App or using our Web services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the service.
1. Definitions
Service: Refers collectively to the passbook.family website (the “Landing Page”), the view.passbook.family web application (the “Web App”), and the Passbook Desktop Application.
Account Data: Information you provide to us to create your account, specifically your Name and Primary Email Address.
Portfolio Data: Your financial holdings, transactions, and documents. This data is processed locally and is never seen or stored by the Company.
Local-First: An architecture in which your data is stored on your device and in your personal cloud (Google Drive), so that you retain full control of it.
DPDP Act: The Digital Personal Data Protection Act, 2023 (India).
2. Zero-Visibility Architecture
Passbook is designed so that we have no access to your financial life. This is achieved through the following technical measures:
Hardware-Bound Security: On the Desktop App, your encryption keys are protected by your device's native hardware security, such as the Secure Enclave on macOS or the TPM (Trusted Platform Module) on Windows, and are managed through the native OS keychain, so they never leave your physical device.
Zero-Knowledge Encryption: We use industry-standard cryptographic algorithms: Argon2id to derive the encryption key from your Master Password, and ChaCha20-Poly1305 (authenticated encryption) for bulk data encryption.
Browser-Side Decryption (Web Access): When you use view.passbook.family, the encrypted vault is pulled directly from your Google Drive to your browser. Decryption happens entirely within your browser's memory using your Master Password. The decrypted data never touches our servers and is never stored on our servers.
Volatile Memory: When you log out or refresh your browser, the decrypted data is discarded from the browser's memory. The data path is a direct, secure connection between your Google Drive and your browser.
No Access to Keys: We do not store your Master Password, your local encryption keys, or your decrypted portfolio data on our servers.
3. Hardware-Based Password Recovery
Because we do not store your Master Password, we cannot reset it for you if it is forgotten. However, Passbook provides a secure path for you to reset your own password without our intervention:
Local Recovery Path: You can reset your Master Password only from the original device where the Passbook Desktop App was installed.
Device Authentication: The reset process requires you to authenticate with your device's native biometrics (Touch ID/Face ID) or your system password in order to unlock the encryption keys protected by your hardware.
Re-Encryption: Upon successful authentication, you can set a new Master Password. Passbook will then automatically re-encrypt your local database and your Google Drive backup with the new key.
Critical Note: If you lose both your Master Password and access to your original device (including its OS credentials), your data cannot be recovered.
4. Information Collection and Use
We collect only the bare minimum required to run the service and manage your license:
Identity Data: Your Name and Primary Email Address. This is used for tracking your subscription, validating your 14-day trial, and providing technical support.
Communications: We use your email address to send you the following categories of communications: (a) Waitlist and launch notifications — if you joined our waitlist, we will email you when Passbook launches and with occasional pre-launch product updates; (b) Account and subscription management — billing confirmations, trial reminders, subscription renewals, and security alerts; (c) Family sharing invitations — if another Passbook user adds your email address to invite you to access their shared vault, we will send you a one-time invitation email. You may unsubscribe from waitlist and marketing emails at any time using the unsubscribe link in any email. Subscription and security emails are essential to the service and cannot be opted out of while your account is active.
Anonymized Installation ID: We generate a unique ID for your installation by hashing hardware identifiers using a one-way cryptographic function (SHA-256). This identifies a unique installation of the software and is used for two purposes: (a) managing your active license and subscription, and (b) as the anonymized identifier in our usage analytics. It does not identify you personally or reveal your specific hardware details.
Usage Analytics: We use Aptabase, a privacy-focused and open-source analytics tool, across the Landing Page, Web App, and Passbook Desktop application to track app performance and errors and to help us improve service quality. Analytics events from the Passbook Desktop application also include an anonymized device identifier (a one-way SHA-256 hash of your hardware ID) and plan details such as plan type, subscription status, and subscription dates. This identifier cannot be reversed to determine your actual hardware details and is not linked to your name or email address within our analytics system. We do not collect any Personally Identifiable Information (PII) or financial data through these analytics.
Visitor Stitch ID: On the Landing Page and Web App, we use sessionStorage to store a temporary, random visit_stitch_id. This allows us to understand navigation flow within a single tab session. It is not linked to your identity and is purged when the tab is closed.
5. Data Retention
We retain your Account Data (name and email address) for the duration of your active subscription or trial, and for 90 days following account deletion or subscription expiry, to process any refund requests or support queries. Waitlist email addresses are retained until 30 days after the official product launch, after which they are permanently deleted unless you have created a Passbook account. You may request immediate deletion of your data at any time by contacting us at [email protected]. Upon verified request, we will permanently delete your Account Data within 7 days, as required under the DPDP Act 2023.
Anonymized usage analytics data is retained in Aptabase for up to 12 months and cannot be linked to your identity without cross-referencing our internal account records.
6. Data Breach Notification
In the event of a personal data breach affecting your Account Data, Passbook Labs will: (a) notify affected users without undue delay upon becoming aware of the breach; and (b) report the breach to the Data Protection Board of India within 72 hours of becoming aware, as required under the Digital Personal Data Protection Act 2023 and DPDP Rules 2025. Because your Portfolio Data is encrypted locally on your device and in your personal Google Drive — and is never stored on our servers — a breach of our systems cannot expose your financial data.
7. Mandatory Sync & Family Sharing
Primary Cloud Sync: By design and architecture, Passbook is always in sync with the Google Drive (appDataFolder) associated with your primary email. This ensures your data is backed up and available to you across your Desktop and Web views. This architectural sync is a core feature and cannot be disabled.
Family Sharing (Peer-to-Peer): Sharing your vault with a family member is a direct peer-to-peer process. When you add a family member's Drive, the Passbook Desktop app places an encrypted copy of your data directly into their Google Drive account. We do not maintain a central invite system or route this data through our servers.
Revocation: You retain full control over shared access. If you remove a family member, Passbook instantly deletes the shared data from their Google Drive account.
8. Disclosure of Data
We do not sell, rent, or trade your data. Disclosure of your Account Data (Name/Email) occurs only in these specific instances:
Legal Requirements: If required by law or in response to valid requests by public authorities (e.g., a court or government agency).
Service Providers: We share necessary account details with third-party payment processors (such as Razorpay, Stripe, or other authorized providers) to facilitate your subscription.
Personal Cloud Storage Providers: Your encrypted vault data is stored in your personal Google Drive account. Google operates as your personal cloud storage provider under your own Google account terms — not as a data processor acting on our behalf. We do not share readable or decrypted data with Google or any cloud provider. Only you hold the decryption keys. Future versions of Passbook will support additional personal cloud providers including Dropbox, Microsoft OneDrive, and Apple iCloud under the same peer-to-peer, encrypted model.
9. International Transfer of Data
Your Account Data is processed in India. Your Portfolio Data resides in your personal Google Drive, and its physical storage location is determined by your personal Google account settings and Google's infrastructure.
10. Children's Privacy
Passbook is intended for use by adults and does not address anyone under the age of 18. We do not knowingly collect personally identifiable information from children.
11. Your Rights (DPDP Act 2023)
In compliance with Indian law, you have the right to access, correct, or erase your account data, as well as the Right to Nominate a person to exercise these rights on your behalf.
To exercise any of these rights, or to withdraw your consent to the processing of your personal data, email us at [email protected] with the subject line "Data Rights Request." We will respond within 7 days. Withdrawal of consent is as simple as sending that email — no forms, no friction. Note that withdrawing consent will require us to delete your Account Data, which will deactivate your Passbook license. Your Portfolio Data, which lives on your device and Google Drive, is entirely under your control and can be deleted by you directly at any time.
Nominee Limitation: Because of our zero-knowledge architecture, we cannot "hand over" your Portfolio Data to a nominee. Your nominee will require your Master Password and access to your device to view your financial records. We can only provide a verified nominee with basic account metadata, such as registration status.
12. Cookies and Web Storage
Landing Page: We do not use marketing or tracking cookies.
Web App & Google Identity: The Web App utilizes Google Identity Services to facilitate your Google Drive connection. Google may set functional cookies (e.g., g_state) to manage the sign-in interface.
Session Storage: We use sessionStorage to maintain authenticated sessions in the Web App. This data remains strictly in your browser and is deleted when you sign out or close the tab.
13. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new policy on our website and updating the "Effective Date" at the top of this page.
14. Contact and Grievance Redressal
In accordance with the DPDP Act 2023, if you have any questions or wish to exercise your rights, you may contact our Compliance Officer.
Compliance Officer
Passbook Labs
Email: [email protected]