Privacy Policy

Effective date: February 20, 2026

Bluejay Labs LLC ("us", "we", or "our") operates the https://passpass.co website (the "Service").

This page informs you of our policies regarding the collection, use, and disclosure of data when you use our Service and the choices you have associated with that data.

By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Definitions

  • Service: The https://passpass.co website operated by Bluejay Labs LLC.
  • Personal Data: Data about a living individual who can be identified from those data.
  • Usage Data: Data collected automatically, generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • Cookies: Small pieces of data stored on your device (computer or mobile device).
  • Data Controller: The natural or legal person who determines the purposes for which and the manner in which any personal information is processed. For the purpose of this Privacy Policy, we are a Data Controller of your data.
  • Data Processors (or Service Providers): Any natural or legal person who processes the data on behalf of the Data Controller.
  • Data Subject (or User): Any living individual who is using our Service.

2. Information Collection and Use

passpass.co is designed to collect as little information as possible. We do not require you to create an account, provide an email address, or share any personally identifiable information to use the Service.

Shared Passwords

When you submit a password to share, we encrypt it using AES encryption and store the encrypted value in our database. We do not store passwords in plain text. Passwords are never associated with any username, account, or website. Shared passwords are automatically destroyed after being viewed by the recipient, or within 24 hours of creation, whichever comes first.

Usage Data

We may collect information about how the Service is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of cookies we use:

  • Session Cookies: We use Session Cookies to operate our Service.
  • Security Cookies: We use Security Cookies for security purposes, including CSRF protection.

3. Use of Data

Bluejay Labs LLC uses the collected data for the following purposes:

  • To provide and maintain our Service
  • To gather analysis or valuable information so that we can improve our Service
  • To monitor the usage of our Service
  • To detect, prevent, and address technical issues
  • To protect against abuse, including brute-force attacks and rate limiting

4. Legal Basis for Processing Personal Data Under General Data Protection Regulation (GDPR)

If you are from the European Economic Area (EEA), Bluejay Labs LLC's legal basis for collecting and using the data described in this Privacy Policy depends on the data we collect and the specific context in which we collect it.

Bluejay Labs LLC may process your data because:

  • The processing is in our legitimate interests (providing a secure password-sharing service) and it's not overridden by your rights
  • To comply with the law

5. Retention of Data

Shared passwords are retained for a maximum of 24 hours and are permanently destroyed after being viewed or upon expiration. We do not keep database backups of shared passwords.

Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service.

6. Transfer of Data

Your information, including any data collected through Usage Data, may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside the United States and choose to provide information to us, please note that we transfer the data to the United States and process it there.

Bluejay Labs LLC will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

7. Disclosure of Data

Business Transaction

If Bluejay Labs LLC is involved in a merger, acquisition, or asset sale, your data may be transferred. We will provide notice before your data is transferred and becomes subject to a different Privacy Policy.

Disclosure for Law Enforcement

Under certain circumstances, Bluejay Labs LLC may be required to disclose your data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency). Note that shared passwords are encrypted and automatically destroyed, so in most cases we will not have access to the original password content.

Legal Requirements

Bluejay Labs LLC may disclose your data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of Bluejay Labs LLC
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of users of the Service or the public
  • Protect against legal liability

8. Security of Data

The security of your data is central to our Service. Passwords are encrypted using AES encryption before storage, transmitted only over HTTPS, and permanently destroyed after use or expiration. We implement rate limiting and PIN-based access control to prevent unauthorized access.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.

9. "Do Not Track" Signals

We do not support Do Not Track ("DNT"). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

10. Your Data Protection Rights Under GDPR

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Bluejay Labs LLC aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your data.

In certain circumstances, you have the following data protection rights:

  • The right to access, update, or delete the information we have on you.
  • The right of rectification: You have the right to have your information rectified if that information is inaccurate or incomplete.
  • The right to object: You have the right to object to our processing of your data.
  • The right of restriction: You have the right to request that we restrict the processing of your data.
  • The right to data portability: You have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.
  • The right to withdraw consent: You have the right to withdraw your consent at any time where Bluejay Labs LLC relied on your consent to process your data.

Please note that we may ask you to verify your identity before responding to such requests.

11. Service Providers

We may employ third-party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services, or to assist us in analyzing how our Service is used.

These third parties have access to your data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Analytics

  • Google Analytics: Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en

Error Monitoring

  • Airbrake: We use Airbrake for error tracking and monitoring. Airbrake may receive technical data about errors that occur in the Service. Password data is filtered from error reports.

12. Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

13. Children's Privacy

Our Service does not address anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

14. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "effective date" at the top.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

15. Contact Us

If you have any questions about this Privacy Policy, please contact us: