Privacy Policy

1. Principle

Zeed Browser (the "Software") is designed so that personal data is not visible to Zeed or EFG Technologies Inc. (the "Company") by construction. This policy is written to be compatible with GDPR (EU), APPI (Japan), and CCPA (California).

2. What we collect

The Software sends only the following minimal, anonymous telemetry, and only if the user explicitly opts in from settings. It is OFF by default.

• crash — on application crash. Fields: SHA-256 hash of the stack trace, version number only.
• agent_run — when an Agent run completes. Fields: success (boolean), step count, termination reason enum, version number only.

Events are received by our Cloudflare Worker, which is isolated in a separate Cloudflare account from any user-data infrastructure. IP addresses are discarded at the edge; only the two-letter CF-IPCountry code is kept.

3. What we do not collect

The Software never transmits any of the following. These fields are not on the telemetry allowlist and are continuously enforced by a regression test (no_personal_data.test.ts).

• Browsing URLs, page titles, page content
• Chat contents, Memory, bookmarks, notes
• Email address, IP address, username, hostname
• TabGroup names, tab names, Agent tool arguments or results

4. Data stored locally

Memory, bookmarks, tasks, chat history, Context Map, and settings are stored exclusively on your device in localStorage / SQLite. None of it reaches our servers.

Any future cloud sync (Phase 6) will be opt-in, secured by Supabase Row-Level Security, and moving toward end-to-end encryption (AES-GCM) so that our administrators cannot decrypt the data.

5. Opt-out

Telemetry is off by default. You can toggle it any time from chrome://zeed-sidebar/ → Settings → "Send anonymous telemetry". Turning it off immediately drops any queued events.

6. Private mode

While Private mode is on, the Software does not: write to Memory, extract facts, build Context Map, run Agents, produce recommendations, chat (AI is disabled), or send telemetry.

7. External services the browser talks to

The services below are reached only when you explicitly configure them. The Company does not act as a middleman.

• OpenRouter — only when you paste an API key. Chat and Agent traffic goes directly to OpenRouter. We do not observe or retain it.
• RSS feed sources — HTTP(S) fetches to feed URLs you subscribe to.
• Chromium standard services — Safe Browsing, CRL, time sync, etc. See the upstream Chromium privacy notes for details.

8. Cookies

This landing page (zeed.run) uses no tracking cookies. The application itself exposes Chromium-equivalent cookie controls to the user.

9. Contact

Privacy questions: [email protected]. GDPR Data Subject Access Requests and APPI disclosure requests are handled at the same address.

10. Changes

When we revise this policy, we bump the "last updated" date above and announce it in the GitHub release notes. Material changes also surface as an in-product notice.