Short answer
On your device. Encrypted. Never sent anywhere.
Geslar Škrinjar (Free version) stores all your data locally in the browser. No servers, no cloud, no sync. Your passwords never leave your device.
Where exactly?
IndexedDB / chrome.storage.local
Škrinjar uses the browser storage API to store the encrypted vault blob. This is the same mechanism browsers use for their own data — isolated per extension.
Encrypted blob
Your data is stored as an AES-256-GCM encrypted blob. Even the browser can't see the contents — only Škrinjar with your master key.
What is NOT stored
Master password
Never stored on disk. Exists only in RAM while the vault is unlocked.
Master key
Never stored on disk. Derived from the master password each time you unlock.
Analytics
No analytics. No Google Analytics, no telemetry, no tracking cookies.
User account
No registration. Geslar doesn't know who uses it — no email, name or ID.
Important questions
What if I uninstall the extension?
Data is deleted. The browser deletes storage when you uninstall the extension. That's why backup is essential.
What if I change computers?
Data stays on the old device. To transfer, use backup and import. Cloud sync is coming in a future version.
What if the browser syncs?
Chrome/Edge sync does not sync extension storage. Your passwords stay only on the device where they were created.
Can a web page see my passwords?
No. Extension storage is isolated from web pages. The autofill UI uses Closed Shadow DOM — the web page cannot read your data.
What about cloud sync?
Geslar Cloud (future version) will enable sync between devices. But the principle stays the same:
- Data is encrypted on your device before sending.
- The server receives and stores only encrypted blobs.
- The server has no key — it cannot decrypt your data.
- Servers will be in the EU (GDPR compliant).
The local mode (Free) always remains available. Cloud sync is an optional upgrade — never a mandatory step.