Heads up! This Privacy Policy was updated on June 23, 2025, to include details about our new API.

Privacy Policy

Last updated: June 23, 2025

Overview

TofuPass is committed to protecting your privacy. This Privacy Policy explains how we handle (or rather, don't handle) your information when you use our password generation services, including our website and our public API.

Information We Don't Collect

TofuPass is designed with privacy as its core principle. We want to be radically transparent about what we don't do:

  • We do not log, store, or transmit any generated passwords or passphrases.
  • We do not track your password generation patterns or API requests.
  • We do not collect any personal information (PII) like your name, email, or IP address.
  • We do not use analytics services (like Google Analytics).
  • We do not use advertising trackers or third-party ad services.

How It Works: Website vs. API

It is important to understand the distinction between using the TofuPass website and the TofuPass API.

  • Website Usage: All password and passphrase generation on the TofuPass website occurs entirely within your browser (client-side) using JavaScript. No data is sent to our servers during this process. The website is stateless, meaning it doesn't remember anything about your visit or usage.
  • API Usage: When you make a request to our API endpoints (e.g., /api/password), the generation occurs on our server. The generated password is sent directly back to you in the API response over a secure HTTPS connection. The server does not log the request or the generated password.

Local Storage

The only data we store locally on your device is your theme preference (light/dark mode). This information is stored in your browser's local storage and never leaves your device. You can clear this at any time through your browser settings.

Cloudflare CDN

We use Cloudflare as our Content Delivery Network (CDN) to ensure the website is fast and secure. Cloudflare may place cookies on your device for security and performance purposes (e.g., identifying trusted traffic). Please refer to Cloudflare's Privacy Policy for more information about their data practices.

Security

While we don't collect your data, we still take security seriously:

  • All traffic to and from TofuPass (website and API) is encrypted using HTTPS.
  • Website generation is performed locally in your browser.
  • API generation is performed on our server, but the results are not logged or stored.
  • No passwords are transmitted over the network when using the website generator.
  • No passwords are ever stored in cookies or local storage.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on this page and updating the "Last updated" date at the top.

Contact Us

If you have any questions about this Privacy Policy, you can contact us at:

contact[at]tofuwater.com