Privacy Policy

1. Data We Collect

ZeroZapp collects the following categories of data:

1.1 Data You Provide Directly

• Email address: Provided during account creation, used for license management, login, and essential communications.
• Password: Hashed with PBKDF2 before storage — we never store or transmit plaintext passwords.
• Payment information: Processed entirely by Stripe. We never receive, store, or have access to your card details.

1.2 Data Collected Automatically

• License verification data: Extension version, license status, and installation ID — sent to our API for license validation.
• Basic analytics: Page views on our website (zerozapp.com) with referrer and URL. No personal identifiers are included.

1.3 Data Processed Temporarily (Not Stored)

• Audio/video files: When you use transcription, files are sent to AI providers for processing and immediately discarded after transcription is returned.
• Message content: When you use AI summaries or smart compose, message text is sent to AI providers for processing and immediately discarded after the response is returned.

1.4 Data We Do NOT Collect

• We do NOT store your WhatsApp messages, contacts, or media on our servers.
• We do NOT collect browsing history or activity outside of WhatsApp Web.
• We do NOT collect personal identifiers beyond your email address.
• We do NOT use cookies or tracking pixels in the extension.

2. How We Use Your Data (Processing)

We process your data solely for the following purposes:

• Account management: Your email is used to create and manage your account, verify your license, and send essential communications (license expiration, policy updates).
• AI features: Audio/video files and message content are temporarily processed through our API proxy to AI providers (Google Gemini, OpenAI) to deliver transcription, summarization, and smart compose features. Data is processed in real-time and not retained.
• Cloud backup (optional): If you enable cloud sync, we store your settings, preferences, favorite/blocked contact lists, and scheduled messages. Message content is never included in backups.
• License verification: Extension version and license data are used to validate your subscription status.
• Website analytics: Anonymous page view data helps us understand website traffic and improve our service.

We never use your data for advertising, profiling, or selling to third parties.

3. Data Storage

3.1 Local Storage (Your Browser)

The following data is stored locally in your browser using chrome.storage:

• Extension settings and preferences
• Your API keys (stored locally, never sent to our servers)
• Scheduled conversations
• Favorite and blocked contact lists
• UI state and display preferences

Local data is stored only on your device and cleared when you remove the extension.

3.2 Server Storage (Our Infrastructure)

Our servers (hosted on Cloudflare Workers with D1 database) store:

• Email address and hashed password
• License/subscription status and expiration date
• Cloud backup data (only if you opt-in): settings, favorites, blocked lists, scheduled messages

3.3 Security Measures

• All data transmission uses HTTPS/TLS encryption
• Passwords are hashed with PBKDF2 (never stored in plain text)
• API keys are stored only locally in your browser
• AI data processing is stateless — files are not retained after processing
• Our API infrastructure runs on Cloudflare's secure edge network

4. Data Sharing

We share user data only in the following limited circumstances:

4.1 Third-Party Service Providers

• Google Gemini API (Google LLC): Default AI provider for transcription, summaries, and smart compose. Receives audio/video files and message content temporarily for processing. Subject to Google's Privacy Policy. Data is not retained by Google for model training when accessed via API.
• OpenAI API (OpenAI Inc.): Alternative AI provider, used when you provide your own OpenAI API key. Receives audio files for Whisper transcription. Subject to OpenAI's Privacy Policy. Data sent via API is not used for training.
• Stripe (Stripe Inc.): Payment processing. Receives payment information directly from you — we never see or store card details. Subject to Stripe's Privacy Policy.
• Cloudflare (Cloudflare Inc.): Hosts our API and website infrastructure. Processes requests as part of service delivery. Subject to Cloudflare's Privacy Policy.

4.2 When We May Share Data

• Legal compliance: If required by law, court order, or governmental regulation.
• Safety and security: To prevent fraud, abuse, or security threats.
• Business transfer: In the event of a merger, acquisition, or sale of assets, user data may be transferred to the acquiring entity.

4.3 What We Never Share

• We never sell your personal data to third parties.
• We never share data for advertising or marketing purposes.
• We never provide your data to data brokers.

5. Data Retention and Deletion

5.1 Retention Periods

• Account data (email, license): Retained while your account is active. Deleted within 30 days of account deletion request.
• AI-processed data (audio, messages): Not retained — processed in real-time and immediately discarded.
• Cloud backup data: Retained while cloud sync is enabled. Deleted when you disable sync or request account deletion.
• Local browser data: Retained until you remove the extension or clear browser data.
• Payment records: Retained by Stripe per their retention policy for legal/financial compliance.

5.2 How to Delete Your Data

• Local data: Remove the ZeroZapp extension from your browser, or go to Chrome settings and clear extension storage.
• Server data: Email privacy@zerozapp.com to request complete deletion of your account and all associated data. We will process the request within 30 days.
• Cloud backups: Disable cloud sync in extension settings, or request account deletion.

6. User Consent

ZeroZapp obtains your consent before collecting or processing data:

• Installation consent: By installing the extension, you consent to the local data storage and license verification described in this policy.
• Account creation consent: By creating an account, you consent to the storage of your email and license data on our servers.
• AI features consent: AI features (transcription, summaries, smart compose) are user-initiated. Data is only sent to AI providers when you explicitly click a button to use these features. No data is sent automatically.
• Cloud sync consent: Cloud backup is disabled by default. You must explicitly opt-in to enable cloud synchronization of your settings and preferences.

7. Features That Stay Local

These features process everything in your browser — no data leaves your device:

• Privacy Mode (Blur): Blurs messages, names, and photos locally.
• Favorites & Blocked Lists: Stored in your browser's local storage.
• Keyboard Shortcuts: Local functionality only.
• Conversation Snooze: Stored locally, with optional cloud sync if you opt-in.
• Smart Archive: Runs entirely in your browser.

8. How AI Features Work (Data Flow)

For transparency, here is the exact data flow for each AI feature:

• Audio/Video Transcription: When you click the transcribe button, the audio/video file is sent from your browser → through our API proxy (api.zerozapp.com) → to the AI provider (Google Gemini or OpenAI Whisper). The transcribed text is returned through the same path and displayed in your browser. The file is not stored at any point in this chain.
• AI Summaries & Smart Compose: When you click summarize or compose, the relevant message text is sent from your browser → through our API proxy → to the AI provider. The generated text is returned and displayed in your browser. Message content is not stored at any point.
• Using Your Own API Key: When you configure your own API key (OpenAI, Google Gemini, or other providers), data flows directly from your browser → to the AI provider, completely bypassing our servers. This gives you maximum privacy and control.

9. Chrome Extension Permissions

ZeroZapp requests the following browser permissions, each with a specific purpose:

• storage: Save your extension preferences and settings locally in your browser.
• sidePanel: Display the ZeroZapp interface as a side panel in Chrome.
• alarms: Schedule reminders for snoozed conversations.
• tabs / activeTab: Detect when WhatsApp Web is open to activate extension features.
• scripting: Inject productivity features (snooze, blur, smart archive) into the WhatsApp Web interface.
• webRequest: Intercept audio file URLs from WhatsApp's CDN for transcription (read-only, no modification of requests).
• Host permissions (web.whatsapp.com): Access WhatsApp Web to provide extension functionality.
• Host permissions (api.openai.com): Connect to OpenAI API when you use your own API key for transcription.
• Host permissions (*.whatsapp.net): Access WhatsApp's CDN to retrieve audio files for transcription.
• Host permissions (zerozapp.com): Connect to our API for license verification, AI proxy, and optional cloud backup.

10. Your Rights

You have the following rights regarding your data:

• Right to access: Request a copy of all personal data we hold about you.
• Right to correction: Request correction of inaccurate personal data.
• Right to deletion: Request complete deletion of your account and all associated data.
• Right to data portability: Export your local extension data at any time.
• Right to withdraw consent: Disable cloud sync, stop using AI features, or uninstall the extension at any time.
• Right to opt-out: Opt-out of any optional data collection (cloud sync, analytics) without losing core functionality.

To exercise any of these rights, contact us at privacy@zerozapp.com.

11. Children's Privacy

ZeroZapp is not intended for users under 13 years of age. We do not knowingly collect personal data from children under 13. If we learn that we have collected data from a child under 13, we will delete it immediately. If you believe a child under 13 has provided us with personal data, please contact us at privacy@zerozapp.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make significant changes:

• We will update the "Last updated" date at the top of this page.
• We will notify you via email or in-app notification for material changes.
• Continued use of the extension after changes constitutes acceptance of the updated policy.

13. Contact Us

For any questions, concerns, or requests related to this Privacy Policy or your personal data:

• Email: privacy@zerozapp.com
• Website: zerozapp.com
• WhatsApp: +1 (407) 717-9337

Developer: Autobots Ventures
Location: United States