This tool is all about making sure your password isn't leaked, and we want to keep it that way. Your password is never sent to our servers. Here's how:

When you type in a password in the input field, we use the SHA-1 algorithm to hash your password. We then send only the first 5 (out of 40) characters of said hash to our API, which returns a list potential hashes. That list is then compaired against your full password hash. If we get a hit, we know your password has been leaked at some point.

You can verify this by looking at the request send to https://devina.io/api/password-breach in your browser console.