Company level password policies will be applied only if you are authenticating via integrated ID providers. For your free app this should not be the case and passwords should not expire for users.
Mendix default password policy has no such mention.
You can check project->security->password policy
No, there is no expiration time for the password