Password Privacy Policy

This Password Privacy Policy explains how we handle and protect your password and authentication data when you use our app. By accessing our services, you agree to these terms.

What Password Data We Collect

Authentication Data: When you create an account or log in, we collect encrypted password hashes (not plain text), device identifiers, and login timestamps for security purposes.

Security Metadata: We may record failed login attempts, IP addresses during login, and browser/device details to detect unauthorized access.

How We Use Password Data

• To verify your identity and secure your account.
• To detect and prevent brute-force attacks or suspicious login activity.
• To enforce password reset protocols after security incidents.
• To comply with data protection regulations (e.g., GDPR, CCPA).
• To improve our authentication systems and security measures.

How We Protect Your Password

Encryption: Passwords are hashed using bcrypt/PBKDF2 before storage. We never store or transmit plain-text passwords.
Access Control: Only authorized security personnel can access authentication logs, strictly for incident investigation.
Monitoring: Real-time systems alert us to unusual login patterns (e.g., multiple failed attempts).

Your Password Obligations

You must:
- Avoid reusing passwords from other services.
- Not share your password or OTPs with anyone.
- Enable two-factor authentication (2FA) if available.
Report suspicious activity immediately to security@yourapp.com.

Changes to This Policy

We may update this policy to reflect security improvements. Continued use of the app after changes constitutes acceptance. Major updates will be notified via email or in-app alerts.