Privacy Policy
epPassword Mobile Application
Effective date: March 16, 2026
EnrichPoint (“we,” “us,” or “our”) operates the epPassword mobile application (the “App”). This Privacy Policy explains how we collect, use, store, and protect your information when you use the App. By using epPassword, you agree to the practices described in this policy.
1. Information We Collect
Account Information
When you sign in with Google or Apple, we receive your name, email address, and profile identifier from the authentication provider. We use this information to create and manage your epPassword account.
Vault Data
The core of epPassword is your encrypted vault. You may store the following types of information:
- Website and app login credentials (usernames and passwords)
- Wi-Fi network names and passwords
- Secure notes and documents
- Medication details (drug names, dosages, pharmacy information, prescribing doctors)
- TOTP (two-factor authentication) secrets
Important: All vault data containing sensitive information (passwords, notes, medication details, TOTP secrets) is AES-encrypted on your device before it is stored locally or transmitted to our cloud services. We do not have access to your master password or the ability to decrypt your vault data.
Family and Sharing Data
If you create or join a family plan, we store family membership information, invite codes, and sharing permissions. Shared vault entries are encrypted using RSA key exchange so that only authorized family members can decrypt them.
Biometric Data
If you enable biometric unlock (fingerprint or face recognition), biometric processing is handled entirely by your device's operating system. We do not collect, store, or transmit any biometric data. We only store a flag indicating that biometric unlock is enabled for your account.
Breach Monitoring Data
When you use the breach monitoring feature, we check your passwords against the Have I Been Pwned database using their k-anonymity API. Only a partial hash prefix of your password is sent to the API — your full password is never transmitted to any third party.
Device and Usage Information
We collect basic device information for authentication and app functionality, including device type, operating system version, and app version. We do not collect analytics, usage tracking, or behavioral data.
2. How We Use Your Information
We use your information to:
- Provide the core password vault and management features
- Authenticate your identity and secure your account
- Enable family plan creation, member invitations, and password sharing
- Sync your encrypted vault across devices via cloud backup
- Check passwords against known breach databases
- Analyze password health and provide security recommendations
- Process subscription purchases and manage Pro tier access
- Respond to your support requests
3. How We Share Your Information
We do not sell, rent, or trade your personal information. Your information may be shared only in these limited circumstances:
- With your family members: When you explicitly share a vault entry or create a shared vault, the encrypted entry data is made accessible to the family members you designate. You control exactly what is shared and with whom.
- Emergency access: If you grant emergency access to a trusted contact, they may access designated vault entries only under the conditions you configure.
- Service providers: We use Google Firebase for authentication, encrypted data storage (Cloud Firestore), and cloud functions. Google processes data according to their Firebase Privacy Policy. Data stored in Firebase is encrypted at rest and in transit by Google, in addition to our application-level AES encryption.
- Breach checking: Partial password hash prefixes are sent to the Have I Been Pwned API for breach monitoring. No identifiable information is transmitted.
- Legal requirements: We may disclose information if required by law, court order, or to protect the rights and safety of our users.
4. Data Storage and Security
epPassword uses a multi-layer security approach:
- Local storage: Your vault is stored in an encrypted SQLite database on your device. Sensitive fields are individually AES-encrypted.
- Master password: Your master password is processed through a key derivation function (KDF) with a unique salt. We store only the derived hash — never your actual password. Password comparison uses constant-time algorithms to prevent timing attacks.
- Cloud storage: When you use cloud backup, your encrypted vault data is stored in Google Cloud Firestore. Data remains AES-encrypted — we cannot decrypt it without your master password.
- Sharing encryption: Password sharing between family members uses RSA key exchange to ensure only intended recipients can decrypt shared entries.
- Auto-lock: The app automatically locks after 5 minutes of inactivity, requiring your master password or biometric authentication to reopen.
- Transport security: All network communication uses HTTPS/TLS encryption.
5. Your Rights and Choices
- Access and edit: You can view and edit all your vault entries, notes, medications, and other data within the app at any time.
- Export: You can export your vault data from the app.
- Delete content: You can delete individual vault entries, shared vaults, or family memberships within the app. You can also request server-side deletion of specific data categories through our data deletion page.
- Delete account: You can request complete account deletion through our account deletion page or by contacting us at support@enrichpoint.com. We will delete your account, cloud-stored vault data, and all associated information within 30 days.
- Biometric unlock: You can enable or disable biometric authentication at any time through the app settings.
- Cloud sync: Cloud backup is optional. You can use epPassword entirely offline with local-only storage.
- Family sharing: You can leave a family plan or revoke shared access at any time.
6. Children's Privacy
epPassword is not intended for use by children under 13. We do not knowingly collect personal information from children under 13. Family plan members must be at least 13 years of age or have parental consent. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
7. Third-Party Services
epPassword uses the following third-party services:
- Google Firebase — Authentication (Google Sign-In), Cloud Firestore (encrypted vault storage), Cloud Functions
- Apple Sign-In — Authentication on iOS devices
- Have I Been Pwned — Password breach checking (k-anonymity API, no full passwords transmitted)
- Google Play Billing / Apple In-App Purchase — Subscription payment processing
Each third-party service has its own privacy policy governing data it processes. We encourage you to review their policies.
8. Data Retention
We retain your account and encrypted vault data for as long as your account is active. When you delete individual vault entries, they are removed from both local storage and cloud backup (if enabled). When you delete your account, all associated data — including cloud backups, family memberships, shared entries, and emergency access grants — is permanently deleted within 30 days.
9. International Users
epPassword is available internationally. Your encrypted data may be processed and stored on Google Cloud servers located outside your country of residence. By using the App, you consent to this transfer. Because your vault data is encrypted before transmission, the data stored on our servers is not readable without your master password regardless of server location.
10. California Residents (CCPA)
If you are a California resident, you have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, request deletion of your personal information, and opt out of the sale of personal information. We do not sell personal information. To exercise these rights, contact us at support@enrichpoint.com.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the App or by updating the effective date above. Continued use of epPassword after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or your data, contact us at:
EnrichPoint
Email: support@enrichpoint.com
Phone: +1 (801) 613-2171
Salt Lake City, Utah