ZZPass.com
Last updated: February 26, 2026
The Short Version: We cannot access your passwords, notes, TOTP codes, or any data stored in your vault. Your data is encrypted on your device before it syncs to iCloud. We don't collect analytics, we don't track your usage, and we don't sell your data to anyone. Your privacy isn't a feature—it's our foundation.
ZZPass is built on a zero-knowledge architecture. This means:
✓ Your primary password never leaves your device
✓ Your vault data is encrypted with AES-256 on your device before syncing
✓ We have no technical ability to decrypt your data, even if legally compelled
✓ We don't know what passwords you store, how many you have, or when you use them
✓ We collect zero analytics or usage telemetry from the app
Encrypted locally, stored in iCloud:
• Passwords and usernames
• Secure notes
• TOTP secret keys
• Website URLs
• Metadata (creation dates, titles)
All of this data is encrypted on your device using your primary password as the key. It syncs to iCloud as encrypted blobs. We never have access to the decrypted data or your encryption key.
Your primary password exists only on your devices. It never transmits to our servers or Apple's servers. It's used exclusively to encrypt/decrypt your vault locally.
Important: If you forget your primary password, we cannot recover it for you. Use the account recovery key feature or emergency kit for backup access.
Unlike other password managers, ZZPass does not collect:
• Which websites you visit
• When you log into accounts
• How often you use the app
• What features you use
• Analytics or crash reports
To provide ZZPass service, we collect only the minimum necessary information:
Why we collect it: Your email serves as your unique account identifier and allows us to:
• Send password reset verification codes
• Communicate critical security updates
• Send subscription receipts (if you upgrade)
• Provide customer support when you contact us
How we use it: We never share, sell, or rent your email address to third parties. We don't send marketing emails unless you explicitly opt in.
Handled by Apple: If you subscribe to ZZPass Premium, all payment processing is handled exclusively by Apple through the App Store. We never see or store your credit card number, billing address, or payment details.
Apple provides us only with: subscription status (active/expired) and subscription tier (monthly/yearly). We don't receive your payment method or financial information.
For multi-device management: When you sign into ZZPass on a new device, we store:
• Device name (e.g., "John's iPhone")
• Device type (iPhone, iPad, Mac)
• Last sync date
This allows you to see which devices have access to your vault and remotely sign out devices if needed. This data is encrypted and stored securely.
AES-256 encryption: Your vault data is encrypted using AES-256, the same encryption standard used by governments and financial institutions worldwide.
Derived key: Your encryption key is mathematically derived from your primary password using PBKDF2 with 100,000 iterations, making brute-force attacks computationally infeasible.
Already encrypted before upload: Your vault is encrypted on your device before being sent to iCloud. Apple stores encrypted data, not plaintext passwords.
Apple's infrastructure: iCloud data is stored in Apple's data centers with their security measures. Neither Apple nor ZZPass can decrypt your vault without your primary password.
Client-side encryption: All encryption and decryption happens on your device. Your primary password and encryption keys never leave your device.
Cannot be compelled: Because we don't have access to your data, we cannot be forced by any government or legal entity to hand over your passwords.
Apple Services: ZZPass uses Apple's infrastructure for essential services:
• iCloud - Encrypted vault sync (you can disable this and use local-only mode)
• App Store - App distribution and subscription processing
• CloudKit - Account management and device synchronization
Apple's privacy practices are governed by their own privacy policy. We chose Apple's ecosystem specifically because of their strong privacy stance and zero third-party advertising.
No other third parties: ZZPass does not use analytics services, advertising networks, crash reporting tools, or any other third-party services that could access your data.
You can export your entire vault at any time:
• CSV format for importing to other password managers
• Emergency Kit PDF with all passwords and recovery key
• Individual password printing
Your data is never locked in. Leave ZZPass anytime with your complete password archive.
Settings → Account → Delete Account
This immediately and permanently deletes:
• Your account and email from our records
• Your encrypted vault from iCloud
• All device registrations
• Subscription information (if applicable)
This action cannot be undone. Export your data first if you want to keep a copy.
You control your privacy:
• Disable iCloud sync (use local-only mode)
• Sign out remote devices
• Change your primary password anytime
• Use Face ID/Touch ID instead of typing passwords
• Set auto-lock timeout
Active accounts: Your encrypted vault data is retained as long as your account is active. We keep your email and subscription status for account management.
Deleted accounts: When you delete your account, all data is immediately purged from our systems and iCloud. We don't keep backups of deleted accounts.
Legal compliance: We may retain minimal data (email, account ID) for up to 90 days if required by law for fraud prevention or legal obligations.
What we could be compelled to share: If legally required by Norwegian law or valid international legal process, we could be compelled to share:
• Your email address
• Account creation date
• Last login timestamp
• Subscription status
• Registered device types
What we cannot share: Because of our zero-knowledge architecture, we cannot provide:
• Your passwords or vault contents (we don't have access)
• Your primary password (we don't store it)
• Which websites you use or when you log in (we don't collect this)
Transparency: If we receive a valid legal request, we will notify you unless prohibited by law. We will challenge overly broad or improper requests.
ZZPass is not directed to children under 13 (or under 16 in the EU). We don't knowingly collect information from children. If you're a parent and believe your child has provided us with personal information, contact us at privacy@zzpass.com and we'll delete it immediately.
Company location: ZZPass AS is located in Norway, which has strong data protection laws comparable to the EU's GDPR.
iCloud storage: Your encrypted vault may be stored in Apple's iCloud data centers located in various countries. Apple is responsible for compliance with data protection regulations. Your data is encrypted before leaving your device, so location of storage doesn't affect security.
GDPR compliance: If you're in the EU/EEA, you have additional rights under GDPR including data portability, right to be forgotten, and right to access your data. Contact privacy@zzpass.com to exercise these rights.
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
How we'll notify you:
• Material changes will be announced in-app before they take effect
• The "Last updated" date at the top will be updated
• For significant changes affecting your rights, we'll email you
Your continued use: By continuing to use ZZPass after changes become effective, you accept the updated Privacy Policy. If you don't agree with changes, you can export your data and delete your account.
If you have questions about this Privacy Policy or how we handle your data:
Email: privacy@zzpass.com
Company: ZZPass AS
Address: Austerheimkroken 3, Norway
In-App: Settings → Help & Feedback
We respond to privacy inquiries within 48 hours.
Most password managers can access your data. ZZPass cannot.
✓ We don't collect analytics
✓ We don't track your behavior
✓ We don't sell your data
✓ We don't use third-party services
✓ We can't decrypt your vault
✓ We can't see your passwords
✓ We can't recover your primary password
Your security and privacy aren't features we added—they're the reason we built ZZPass.
© 2026 ZZPass AS. All rights reserved.
Austerheimkroken 3, Norway