Privacy by design
pCloud Pass was designed to be private and secure. With our zero-knowledge privacy approach, the data you save gets encrypted on your device and only you can decrypt it with your Master Password. We do not have access to the data you save, and we do not use, share or sell it to anyone.
pCloud Pass uses client-side encryption to ensure your data is protected from all kinds of attacks. This means that everything you save gets encrypted on your device before it’s uploaded to the pCloud servers. The service uses AES and elliptic curves (specifically elliptic curve secp256r1) for encryption. Your Master Password is secured with 256-bit AES encryption. It is used along with PBKDF2 (Password-Based Key Derivation Function 2) to generate a private key, which is encrypted using AES ECB (16-bit). All the items you save in pCloud Pass are secured using AES CTR encryption and HMACSHA256 keyed hash algorithm.