Privacy Policy

1. Data We Collect

The only data we collect is:

• Email address (for license management and login)
• Payment information (processed by Stripe — we never store card details)

We do NOT store your messages, contacts, or media on our servers.

2. How AI Features Work

ZeroZapp uses AI for transcription, summaries, and smart compose. Here's how data flows:

• Audio/Video Transcription: Audio and video files are sent through our API proxy to AI providers (Google Gemini or OpenAI Whisper) for transcription. Files are processed in real-time and not stored — neither by us nor by the AI providers for training purposes.
• AI Summaries & Smart Compose: Message content is sent through our API proxy to AI providers for processing. Messages are not stored after processing.
• Your Own API Key: For extra privacy and control, you can use your own API key from OpenAI, Google Gemini, or other supported providers. When using your own key, data goes directly from your browser to the provider — bypassing our servers entirely.

3. Features That Stay Local

These features process everything in your browser — no data leaves your device:

• Privacy Mode: Blurs messages locally.
• Favorites & Blocked Lists: Stored in your browser.
• Keyboard Shortcuts: Local functionality only.
• Scheduled Messages: Stored locally, with optional cloud sync for cross-device access.

4. Cloud Backup (Optional)

If you enable cloud backup, we sync only:

• Your settings and preferences
• Favorite and blocked contact lists
• Scheduled messages

Message content is never included in backups.

5. Third-Party Services

The extension communicates with:

• Google Gemini API: Default provider for AI features. Subject to Google's Privacy Policy.
• OpenAI API: Available when you provide your own key. Subject to OpenAI's Privacy Policy.
• Stripe: Payment processing. Subject to Stripe's Privacy Policy.
• api.zerozapp.com: License verification, AI proxy, and optional cloud backup.

6. Permissions Explained

The extension requests these permissions:

• storage: Save your preferences locally
• sidePanel: Display the extension interface
• alarms: Enable scheduled message reminders
• tabs/activeTab: Detect WhatsApp Web tab
• scripting: Inject productivity features into WhatsApp Web
• webRequest: Capture audio URLs for transcription (read-only, no modification)
• Host permissions: Access WhatsApp Web, AI provider APIs, and WhatsApp CDN for audio files

7. Data Storage & Security

Settings and preferences are stored locally using chrome.storage:

• Your API keys (stored locally, never synced to cloud)
• Scheduled conversations (local + optional cloud sync)
• Favorite and blocked contacts (local + optional cloud sync)
• Extension preferences (local + optional cloud sync)

Security measures:

• HTTPS for all communications
• Passwords hashed with PBKDF2 (never stored in plain text)
• AI processing is stateless — files are not retained after processing
• Cloud backups contain only metadata, never messages

You can clear local data anytime by removing the extension. Cloud data can be deleted by contacting support.

8. Your Rights

You have the right to:

• Access your personal data (email, purchase records)
• Request deletion of your account and all associated data
• Export your local extension data
• Opt-out of marketing communications

9. Children's Privacy

ZeroZapp is not intended for users under 13 years of age. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email or in-app notification.

11. Contact Us

For privacy questions or to exercise your rights:

• Email: [email protected]
• Website: zerozapp.com