ZainaBot for Chrome — Privacy Policy
Last updated: 2026-05-27
Publisher: SpotONE Digital FZ-LLC / ZainaBot.AI
Extension ID: gfofbaglhpalnicepahnbikbngfdjfmo
You can verify this is the correct privacy policy for the extension you installed by comparing the ID above against the one shown at chrome://extensionsfor “ZainaBot — Memory for your browser”.
ZainaBot for Chrome is the browser companion for ZainaBot.AI. When you choose to save a webpage, record a browser-based meeting, or ask a question, the extension sends that content to your ZainaBot account so it can be searched, summarized, and turned into briefs, decks, and other deliverables. The extension never captures anything in the background without your action, and it never reads pages on a fixed deny-list (login forms, banking, healthcare, search engine results).
1. What we collect
1.1 Information you actively send to ZainaBot
- Webpage content: cleaned main text, page title, URL, optionally a viewport screenshot — only for pages you explicitly clip.
- Meeting audio transcripts: when you press Record on a browser-based meeting (Zoom web, Google Meet, Microsoft Teams web, Whereby, Around), tab audio is captured and streamed to our transcription service. Only the resulting transcript is stored; raw audio is not retained.
- Selected text: if you highlight text and use "Clip selection", only that selection plus the page URL is sent.
- Questions you ask: any question you type in the side-panel Ask tab is sent to our retrieval service to be answered using your project knowledge.
- Authentication tokens: your Firebase identity token (issued when you log into ZainaBot.AI) is sent with each request so we know which account the content belongs to.
1.2 Information automatically collected
- Diagnostic data: anonymous error reports and feature-usage telemetry (extension version, page-extraction adapter, whether captures succeeded). No content of pages, selections, or transcripts is included in telemetry.
- Extension settings: your default capture project is stored locally in
chrome.storage.local.
1.3 Information we explicitly do NOT collect
- No background page reading. Page content is read only when you click Save, Record, or Ask (or when you have explicitly enabled the optional Auto-capture feature — Pro+ only, off by default).
- No login pages. URLs matching known login flows, password forms, or our deny-list of sensitive domains (financial, healthcare, government, search engine results) are never captured. The deny-list is enforced both in the extension and on the server.
- No keystrokes. The extension does not log what you type into pages it does not capture.
- No browsing history beyond what you save. The extension's Recent tab shows only captures you've explicitly created.
- No data from other browser profiles. The extension only operates in the Chrome profile where it's installed.
2. How we use the information
| Purpose | What we do |
|---|---|
| Provide the service | Index your captures into your project knowledge base so you can search, ask, and generate briefs / decks / action plans / follow-up emails. |
| Process meeting transcripts | Send tab audio to our speech-to-text partner (Deepgram, see §6) for transcription. Only the transcript is stored. |
| Answer your questions | Retrieval-augmented generation over your project content + selected AI models (Anthropic Claude by default; OpenAI / Gemini on BYOK). |
| Improve the service | Aggregate anonymous usage telemetry (feature engagement, error rates). We do not train AI models on your content. |
| Comply with law | Respond to lawful subpoenas, court orders, or regulatory requests when legally required. |
We do NOT:
- Train AI models on your content
- Sell or rent your data to third parties
- Use your content to serve advertising
- Allow ZainaBot employees access to your content except as required for support requests you initiate
3. Auto-capture (Pro+ only, off by default)
If you enable Auto-capture on Pro+, the extension will save article-like pages you spend more than 30 seconds reading. It is off by default, respects the same deny-list as manual capture, excludes specific domains you add to your personal exclusion list, surfaces every auto-capture in your Recent tab so you can undo within 10 seconds, can be disabled at any time from settings, and never auto-captures pages where you're filling out forms or where login fields are visible.
4. Where your data is stored
- Captures, transcripts, and embeddings: in your private Firebase Firestore project on Google Cloud Platform (US region by default; UAE region available on Enterprise).
- Binary attachments: Firebase Cloud Storage, same access controls.
- Authentication tokens:
chrome.storage.local(browser-local; sent only as Authorization headers). - Offline queue: IndexedDB locally, until next successful sync.
All data is encrypted in transit (TLS 1.2+) and at rest. Database access is restricted by per-user Firebase security rules that prevent cross-account reads.
5. Sharing your data
We share data only with:
- Infrastructure providers (Google Cloud Platform, Vercel, Cloudflare) under enterprise terms — they process on our behalf and may not use the data for any other purpose.
- Anthropic (and, with your BYOK, OpenAI / Google Gemini) for AI inference. We do not allow model providers to train on your data.
- Deepgram for speech-to-text. Deepgram processes audio in real time and does not retain it after transcription.
- Stripe for payment processing (subscription metadata only — no extension content).
We do NOT share your data with advertisers, data brokers, or other ZainaBot customers (unless your Enterprise admin has explicitly enabled team-shared memory objects for the relevant project).
6. Third-party services
| Service | Role | Privacy policy |
|---|---|---|
| Google Cloud Platform | Database + Storage | link |
| Vercel | Web hosting | link |
| Cloudflare | Edge workers | link |
| Anthropic | Claude AI inference | link |
| Deepgram | Speech-to-text | link |
| Stripe | Payments | link |
7. Permissions the extension requests, and why
| Permission | Purpose |
|---|---|
activeTab | Read URL + title of your active tab, only when you open the extension. |
tabs | Switch between Capture, Ask, and Meeting tabs against the active tab. |
tabCapture | Capture audio from the active tab when you press Record. |
sidePanel | Show the ZainaBot side panel. |
scripting | Inject the content script that extracts cleaned main text (Mozilla Readability) when you click Save. |
storage | Store your default project, auth token, and offline capture queue locally. |
| host_permissions (meeting tool origins only) | Required by tabCapture for audio capture on web meeting clients. |
notifications | Show a brief confirmation when a capture saves successfully. |
We do NOT request: cookies, webRequest, webNavigation, history, bookmarks, downloads, geolocation, clipboardRead/Write, desktopCapture, or full <all_urls> host access.
8. Your rights and controls
- Disable the extension from
chrome://extensions/at any time. - Sign out — cached credentials are wiped from
chrome.storage.local. - Delete individual captures from the Recent tab or from your project view at zainabot.ai.
- Wipe all extension-stored data with a two-click option in settings.
- Export all your ZainaBot data (GDPR Article 20) at zainabot.ai/account/export.
- Delete your ZainaBot account (GDPR Article 17) at zainabot.ai/account/delete. All captures, transcripts, and memory objects are deleted within 30 days.
- Configure capture exclusions to permanently block specific domains.
EU/UK residents may exercise rights under GDPR (access, rectification, restriction, objection, complaint to data-protection authority). UAE residents have analogous rights under the UAE PDPL.
9. Children
ZainaBot is not directed to children under 16 and we do not knowingly collect personal data from anyone under 16. Contact support@zainabot.ai if you believe we have.
10. Changes to this policy
Material changes that expand what we collect or share require your explicit consent before the new behavior takes effect. You'll be notified via an in-product notice and an email to the address on file.
11. Contact
| Privacy questions or rights requests | privacy@zainabot.ai |
| Security disclosures | security@zainabot.ai |
| General support | support@zainabot.ai |
This page mirrors the draft at ZAINAMIND-PHASE-0/CWS-PRIVACY-POLICY-DRAFT.md. Pending legal review before CWS submission.