Privacy Policy

Name: TorrinPass
Rating: 4.8 (50 reviews)
Author: TorrinPass

Last Updated: January 20, 2026

TorrinPass (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application.

Our Privacy Commitment

TorrinPass is built on a zero-knowledge architecture. This means:

We cannot access your passwords
We cannot read your encrypted data
We cannot reset your master password
Your privacy is protected by mathematics, not just policy

Information We Collect

Information You Provide

Data	Purpose	Encrypted?
Email address	Account identification, communication	No
Master password	Never transmitted or stored by us	N/A
Passwords & notes	Stored for your use	Yes (AES-256-GCM)
2FA secrets	Stored for your use	Yes (AES-256-GCM)

Information Collected Automatically

Data	Purpose
Device type	App compatibility
iOS version	App compatibility
App version	Support and updates
Crash reports	Bug fixes (optional)
Anonymous usage	Product improvement (optional)

How We Use Your Information

We use your information to:

Provide the service — Store and sync your encrypted passwords
Authenticate you — Verify your identity when you sign in
Communicate — Send important account notifications
Improve — Analyze anonymous usage to improve the app
Support — Respond to your support requests

What We Cannot Access

Due to our zero-knowledge architecture, we cannot:

View your passwords
Read your notes
See your 2FA secrets
Decrypt any of your data
Reset your master password

Your data is encrypted on your device before it reaches our servers.

Data Storage and Security

Encryption

Algorithm: AES-256-GCM
Key Derivation: PBKDF2 with 210,000 iterations
Location: Encrypted data stored on Firebase Firestore

Security Measures

End-to-end encryption
TLS 1.3 for data in transit
Regular security audits
No plaintext password storage

We do not sell your personal information.

We may share data only in these circumstances:

Service Providers — Firebase (Google) for data storage and authentication
Legal Requirements — If required by law (but we can only provide encrypted data)
With Your Consent — If you explicitly authorize sharing

Third-Party Services

The App may use the following third-party services:

Apple iCloud: For data synchronization (governed by Apple’s Privacy Policy)
Analytics Services: For anonymous usage statistics (no personal data shared)
Google Gemini API (optional): If you choose to use the AI recipe recognition feature and provide your own Google Gemini API key, photos you select for recipe recognition are sent to Google’s Gemini API (generativelanguage.googleapis.com) for processing. See the dedicated section below for full details.

AI Recognition & Google Gemini API

The App includes an optional AI-powered recipe recognition feature that uses Google’s Gemini API. This feature is entirely optional and requires you to provide your own Google Gemini API key.

What data is collected and sent:

When you use AI recipe recognition, the photo you select (either taken with the camera or chosen from your photo library) is sent to Google’s Gemini API for recipe text extraction.
Your Google Gemini API key is sent to Google’s servers to authenticate the request.
No other personal data (such as your name, email, location, device identifiers, or other recipe data) is sent to Google.

How the data is collected:

Data is only sent when you actively choose to use the AI recipe recognition feature by taking or selecting a photo.
The App asks for your explicit consent before sending any data to Google for the first time. You can revoke this consent at any time in Settings → AI Features → Privacy & Data Sharing.

Who the data is sent to:

Google LLC — via the Gemini API at generativelanguage.googleapis.com. Google’s use of this data is governed by Google’s Privacy Policy and Google’s API Terms of Service.

How the data is used:

The photo is processed by Google’s Gemini AI model to extract recipe information (title, ingredients, instructions). The extracted text is returned to the App.
We do not store, retain, or have access to any data sent to Google. The photo is sent directly from your device to Google’s servers.

Data protection:

Google provides enterprise-grade security for API communications. All data is transmitted over HTTPS (encrypted in transit).
Your API key is stored securely in your device’s Keychain and never shared with anyone other than Google for authentication purposes.

How to opt out:

Do not configure a Google Gemini API key, or remove it in Settings → AI Features.
If you have previously consented, you can revoke consent in Settings → AI Features → Privacy & Data Sharing → “Revoke Data Sharing Consent.”
The App is fully functional without this feature.

Your Rights

You have the right to:

Access — View your account information
Export — Download your data
Delete — Permanently delete your account and data
Opt-out — Disable anonymous analytics

To exercise these rights, contact us at privacy@torrinpass.com.

Data Retention

Active accounts: Data retained while account is active
Deleted accounts: Data permanently deleted within 30 days
Backups: Encrypted backups retained for 90 days, then deleted

Children’s Privacy

TorrinPass is not intended for children under 13. We do not knowingly collect information from children under 13.

International Users

Your data may be processed in the United States. By using TorrinPass, you consent to this transfer.

Changes to This Policy

We may update this Privacy Policy. We will notify you of significant changes via email or in-app notification.

Contact Us

For privacy-related questions:

Email: privacy@torrinpass.com

Summary

Question	Answer
Can you see my passwords?	No
Do you sell my data?	No
Can you reset my password?	No
Where is my data stored?	Firebase (encrypted)
Can I delete my data?	Yes, permanently