The Passie browser extension (Firefox + Chromium) is a thin client for the Passie macOS application. Its only job is to autofill credentials from your local Passie vault into login forms in the browser. Everything happens on your device. Nothing is sent to us, and nothing is sent to any third party.
Nothing. The Passie extension does not collect, transmit, store, sell, share, or analyze any personal data. There is no Passie account, no Passie server, no telemetry, no analytics, and no crash reporting.
Specifically, we do not collect:
| Permission | Why |
|---|---|
| nativeMessaging | To talk to the PassieBridge helper that ships with the Passie macOS app. All vault data — credentials, OTP secrets, vault metadata — lives in the macOS app and never reaches the extension as plaintext over the wire. The bridge runs locally on your Mac; no network traffic is involved. |
| activeTab | To read the URL and form fields of the page you have focused, so the extension can suggest the credentials that match the current site. The information is only read while the autofill picker is open on that tab; it is not stored, logged, or sent anywhere. |
| storage | To remember local browser-side preferences (e.g., dismissed onboarding banners, per-site "never save" choices). Stored in the browser's local extension storage, never synced to any cloud service we control. |
| <all_urls> (optional, Firefox-only) | To inject the in-page autofill glyph and picker on the sites where you choose to enable autofill. In Firefox this permission is optional — you must explicitly grant it the first time, and you can revoke it at any time via about:addons → Passie → Permissions. Chromium-family browsers grant it at install time and similarly let you revoke it. |
The extension does not request: network access (webRequest, host_permissions to remote hosts), tab history, bookmarks, browsing history, downloads, cookies, geolocation, camera, microphone, identity, or any other capability.
```
Passie macOS app  ──(local XPC, on-device only)──>  PassieBridge
PassieBridge      ──(Native Messaging, on-device only)──>  browser extension
browser extension ──(DOM injection, on-device only)──>  current page's form fields
```
At no point in this flow does any vault data leave your Mac. The browser extension and PassieBridge communicate exclusively through Native Messaging, which is a local stdin/stdout pipe between the browser and a binary on your machine.
None. The extension does not load remote scripts, fonts, analytics SDKs, error reporters, or any other third-party code. The extension's source code is a self-contained ES module bundle with no external runtime dependencies.
The Passie browser extension is open source under the BSD-2-Clause license. The full source code is available at github.com/shadone/passie. Anyone can inspect, build, and audit the extension to verify these claims.
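One way to check the permission claims above against a built extension is to compare its `manifest.json` with the permissions this policy lists. The following is an added example, not code from the Passie project; the function name `auditManifest` and both sample manifests are constructed for illustration and are not Passie's real manifest.

```javascript
// Permissions declared in the policy's permission table.
const DECLARED_API = new Set(["nativeMessaging", "activeTab", "storage"]);
const DECLARED_HOST = new Set(["<all_urls>"]);
// Manifest keys that can carry API permissions or host match patterns.
const PERMISSION_KEYS = ["permissions", "optional_permissions",
                         "host_permissions", "optional_host_permissions"];

// Host match patterns are "<all_urls>" or contain a scheme separator.
const isHostPattern = (p) => p === "<all_urls>" || p.includes("://");

// Returns one finding per permission or host pattern the policy does not declare.
function auditManifest(manifest) {
  const findings = [];
  const check = (where, values) => {
    for (const p of values || []) {
      const host = isHostPattern(p);
      const declared = host ? DECLARED_HOST.has(p) : DECLARED_API.has(p);
      if (!declared) {
        findings.push(`${where}: undeclared ${host ? "host pattern" : "permission"} "${p}"`);
      }
    }
  };
  for (const key of PERMISSION_KEYS) check(key, manifest[key]);
  // Content-script match patterns grant page access too, so audit them as well.
  (manifest.content_scripts || []).forEach((cs, i) =>
    check(`content_scripts[${i}].matches`, cs.matches));
  return findings;
}

// Constructed manifests for illustration; neither is Passie's real manifest.
const MATCHES_POLICY = {
  manifest_version: 3,
  permissions: ["nativeMessaging", "activeTab", "storage"],
  optional_host_permissions: ["<all_urls>"],
};
const EXCEEDS_POLICY = {
  manifest_version: 3,
  permissions: ["nativeMessaging", "storage", "webRequest", "cookies"],
  host_permissions: ["https://example.com/*"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["content.js"] }],
};

console.log(auditManifest(MATCHES_POLICY));
console.log(auditManifest(EXCEEDS_POLICY));
```

To audit a real build, pass the parsed `manifest.json` from the unpacked extension to `auditManifest` in place of the sample objects.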
Because we do not collect any data, there is no data to access, correct, export, restrict, or delete. For rights pertaining to the local vault file, see the Passie app privacy policy.
The extension is suitable for all ages. We do not knowingly collect data from anyone, regardless of age.
If the extension's behavior ever changes in a way that affects this policy — for example, if a future version adds a feature that requires sending data off-device — this document will be updated and the change will be reflected in the next extension release. The policy version line at the top tracks the last update date.
Questions about this policy can be sent to denis@ddenis.info or filed as a GitHub issue at github.com/shadone/passie/issues.