Privacy Policy

1. Principle

Zeed Browser (the "Software") is designed so that personal data is not visible to Zeed or EFG Technologies Inc. (the "Company") by construction. This policy is written to be compatible with GDPR (EU), APPI (Japan), and CCPA (California).

2. What we collect

The Software sends only the following minimal, anonymous telemetry events. Anonymous aggregate telemetry is on by default and can be turned off at any time in settings (see section 5). The Software honors Global Privacy Control (GPC) and Do Not Track signals: when either is set, nothing is sent regardless of the toggle. Detailed debug telemetry is separate and strictly opt-in (off by default).

• install — once on first launch. Fields: random UUID install ID, version, OS (one of linux / mac / ios / unknown).
• session_start — once each time the browser launches. Fields: install ID, version.
• heartbeat — at most once per UTC day during use. Fields: install ID, version.
• feature_used — bucket counter when a fixed-allowlist feature is invoked (~20 named features). Fields: install ID, version, feature name.
• agent_run — when an Agent run completes. Fields: install ID, version, success (boolean), step count, termination reason enum.
• crash — on application crash. Fields: install ID, version, SHA-256 hash of the stack trace.
• feature_day — at most once per UTC day per coarse feature group, on a day you use a Zeed-distinctive feature. Fields: install ID, version, UTC date, and the feature group — one of only six coarse values (chat / agent / feed / bookmark / memory / task), deliberately coarser than feature_used. Used solely to count how many installs still use Zeed features seven days later (retention).

The install ID is a random UUID generated locally and is not joined with any other identifier (IP, time, account) on the server. Events are received by our Cloudflare Worker, which is isolated in a separate Cloudflare account from any user-data infrastructure. IP addresses are discarded at the edge; only the two-letter CF-IPCountry code is kept. The full event schema is fixed by spec and enforced by an automated allowlist.

3. What we do not collect

The Software never transmits any of the following. These fields are not on the telemetry allowlist and are continuously enforced by a regression test (no_personal_data.test.ts).

• Browsing URLs, page titles, page content
• Chat contents, Memory, bookmarks, notes
• Email address, IP address, username, hostname
• TabGroup names, tab names, Agent tool arguments or results

4. Data stored locally

Memory, bookmarks, tasks, chat history, Context Map, and settings are stored exclusively on your device in localStorage / SQLite. None of it reaches our servers.

Any future cloud sync (Phase 6) will be opt-in, secured by Supabase Row-Level Security, and moving toward end-to-end encryption (AES-GCM) so that our administrators cannot decrypt the data.

5. Opt-out

Anonymous aggregate telemetry is on by default; turning it off is one click: chrome://zeed-sidebar/ → Settings → "Help improve Zeed". Turning it off immediately drops any queued events, including pending feature_day pings. The Software also honors GPC / Do Not Track — when either signal is detected, telemetry is disabled regardless of the toggle. Detailed debug telemetry (crash detail, agent failure detail, performance timing) is opt-in and off by default.

6. Private mode

While Private mode is on, the Software does not: write to Memory, extract facts, build Context Map, run Agents, produce recommendations, chat (AI is disabled), or send telemetry.

7. External services the browser talks to

The services below are reached only when you explicitly configure them. The Company does not act as a middleman.

• OpenRouter — only when you paste an API key. Chat and Agent traffic goes directly to OpenRouter. We do not observe or retain it.
• RSS feed sources — HTTP(S) fetches to feed URLs you subscribe to.
• Chromium standard services — Safe Browsing, CRL, time sync, etc. See the upstream Chromium privacy notes for details.

8. Cookies and website analytics

This landing page (zeed.run) uses no tracking cookies and no persistent identifiers. The application itself exposes Chromium-equivalent cookie controls to the user.

We count download-intent clicks on install command blocks (e.g. "Copy" on the AUR or brew command). These clicks are logged as a counter only — no IP address is stored, no cookie or localStorage is set, no URL is recorded. The Do Not Track header is honored: when set, nothing is sent. Each counter row stores only: date (UTC), button type (one of four fixed values), and the two-letter country code from Cloudflare. This data is used solely to measure which platform installers are popular.

9. Contact

Privacy questions: privacy@efg-technologies.com. GDPR Data Subject Access Requests and APPI disclosure requests are handled at the same address.

10. Changes

When we revise this policy, we bump the "last updated" date above and announce it in the GitHub release notes. Material changes also surface as an in-product notice.