Vulpo Hub

Privacy Policy

Vulpo Password Manager — browser extension

Last updated: 18 June 2026

The Vulpo Password Manager browser extension is a client for your own Vulpo vault. It lets you autofill and copy credentials that you have stored in your Vulpo account. This policy explains exactly what data the extension handles, where it goes, and how you stay in control of it.

In short: every network request the extension makes goes exclusively to the Vulpo API at hub.vulpo.be. There are no third-party servers, analytics, trackers, advertising, or external/remote code of any kind.

Data we transmit to the Vulpo API

To operate your vault, the extension sends the following data — and only to https://hub.vulpo.be:

  • Your email address and master/account password are sent to the login endpoint (/api/v1/login) to authenticate you.
  • After login, the extension receives and stores a session token and basic user profile information.
  • It fetches your list of vault credentials, and reveals individual username/password secrets on demand — all from https://hub.vulpo.be.

All of this data goes to the Vulpo API only. No other server ever receives it.

Data stored locally on your device

The following is kept in your browser's local extension storage and is never sent anywhere beyond Vulpo's own API:

  • Your session token and basic user information.
  • Your biometric-unlock setting, theme preference, and the API base URL.

An “unlocked” flag is kept in session storage and is cleared automatically when the browser closes.

Data processed locally only

Some data is used only on your device and is never transmitted or stored remotely:

  • The URL of your active browser tab is read locally to show credentials matching the current site. It is not sent to any server or saved.
  • Only the credential you explicitly select is filled into the active tab. Page content is not collected, and secrets are only ever revealed on your explicit action.

Permissions and why we need them

storage
Keeps your session and settings on the device so you stay signed in.
activeTab
Reads the current tab's URL to match credentials, and sends the credential you choose to the active tab for autofill.
Host access to https://hub.vulpo.be/*
Communicates with your Vulpo vault API.
Content script on web pages
Shows an autofill dropdown on login forms and fills the credential you select.

Data categories collected

As declared to the Chrome Web Store, the extension collects:

  • Authentication information — passwords / login credentials.
  • Personally identifiable information — your email address.

No medical, financial/payment, location, web-history, user-activity, or personal-communications data is collected.

Our commitments

  • We do not sell user data to third parties, and we do not transfer it to third parties except as needed to operate your own Vulpo vault.
  • We use and transfer user data only for the extension's single purpose: operating the password manager (authentication and autofill).
  • We do not use or transfer user data to determine creditworthiness or for lending purposes.

Deleting your data

Your credentials live in your Vulpo vault/account. Deleting your Vulpo account removes that data from the vault. Signing out of the extension clears the locally stored session token and settings from your device. Because secrets are only ever revealed on your explicit action, no credential is exposed unless you choose to reveal, copy, or fill it.

Contact

Questions about this policy or your data? Email info@vulpo.be.