Privacy Policy
Last updated: 12 June 2026
Feedzy.ai is local-first: by default, everything you capture stays in your browser, on your device. An optional account adds zero-knowledge, end-to-end-encrypted cloud sync across your own devices and team sharing — and only then does anything leave your machine for our server, as ciphertext we can never read.
The short version
- No analytics, telemetry, advertising, or tracking SDKs are bundled or contacted — no Google Analytics, no Sentry, no Mixpanel.
- We never see your feedback content. The optional cloud is end-to-end encrypted; our server stores ciphertext only.
- Your password is never sent, even at sign-in (a zero-knowledge OPAQUE proof replaces it).
- AI features use the API key you provide and send only to the provider you choose.
- You stay in control: export, delete your data, or revoke a device's access at any time.
What stays on your device
By default, 100% of your data lives only on your machine, in your browser's storage:
| Data | Stored in |
|---|---|
| Your feedback (text + references) | chrome.storage.local |
| Event log (every change you make) | IndexedDB |
| Screenshots & voice recordings | IndexedDB |
| Your own API keys / tokens (Anthropic, OpenAI, GitHub) — encrypted at rest | chrome.storage.local / IndexedDB |
| Device/environment metadata per feedback (browser, OS, screen, hardware class, network type, language, timezone) — for context only | IndexedDB event log |
| Profile (device id, display name, email, consent toggles) — optional | chrome.storage.sync |
When data leaves your device
Every outbound request is triggered by an explicit action you take, and uses a key, token, or account you control. The full list:
| Action | Goes to | What is sent |
|---|---|---|
| "Open in" an AI (Claude, ChatGPT, Gemini, …) | that AI's official website (new tab) | Your formatted prompt only |
| "Summarize" / "Triage" / "Correct" | api.anthropic.com | Your prompt (auto-redacted) + the Anthropic key you entered |
| Voice note transcription | api.openai.com | The audio you just recorded + the OpenAI key you entered; audio is not retained after transcription |
| GitHub file/folder picker | api.github.com | Read-only repository reads + the GitHub token you entered |
| Cloud sync & team sharing — only after you sign in | api.feedzy.ai (+ Cloudflare R2, EU) | OPAQUE sign-in (your email, never your password) + your feedback events end-to-end encrypted; encrypted screenshot/voice blobs are stored on Cloudflare R2 in the EU |
| "Send to VS Code" | 127.0.0.1 (your own machine) | The prompt + screenshots, to a local companion app you run — never over the network |
| Database bridge (only if you configure one) | your own server | A signed request (operation name + arguments) — never your prompt, keys, or personal data |
The optional cloud account (zero-knowledge)
If — and only if — you create an account and sign in, Feedzy.ai syncs your feedback across your own devices and enables team sharing. This is opt-in; the default experience sends nothing to our server.
- Your password is never transmitted. Authentication uses OPAQUE (RFC 9807): the server verifies a zero-knowledge proof and stores no crackable password hash.
- Your content is end-to-end encrypted in your browser before upload (AES-256-GCM). The server stores ciphertext only and cannot decrypt it.
- What the server does see in clear (necessary to route and sync): your sign-in email, a per-install device id and per-device activity timing, event ids, timestamps, and the sharing/permission graph. It never sees your feedback content or your password.
- Encrypted media (screenshots, voice) is uploaded to Cloudflare R2 in the European Union via short-lived presigned URLs our backend mints. R2 only ever holds ciphertext; it is a storage sub-processor, not a recipient of readable data.
Third-party services & sub-processors
- Anthropic, OpenAI, GitHub — contacted only when you have entered your own key/token and trigger the matching feature. Your prompt, audio, or query goes straight to that provider with your key; the provider sees what you send them, as with any direct API call (these calls are not end-to-end encrypted to us — they don't involve us at all).
- Feedzy.ai backend (
api.feedzy.ai) — our own first-party server, opt-in, zero-knowledge (ciphertext only). - Cloudflare R2 (EU) — encrypted-blob storage for the optional cloud; ciphertext only.
- Google Chrome Sync — if you enable Chrome's own Sync, Chrome relays your
chrome.storage.syncprofile (which includes your display name and email) through Google's sync servers. This is Chrome's mechanism, under your Google account; we never receive it.
Data we never collect
We do not collect analytics or usage telemetry, do not phone home for update checks or remote config, do not read the cookies or storage of sites you visit, do not read your browsing history, and do not inject ads or modify foreign pages beyond the capture/picker overlays you invoke. We never sell or transfer your data to third parties, never use it for unrelated purposes, and never use it to determine creditworthiness or for lending.
Permissions, and why
| Permission | Why it's needed |
|---|---|
<all_urls> host access | The element picker, screenshot capture, and error breadcrumbs must work on whatever page you choose to give feedback about. Access is gated by your click (the activeTab model) — the extension does not act on pages you haven't invoked it on. |
activeTab | Capture the current tab after you click Capture. |
scripting | Inject the element picker, screenshot, and error-monitor scripts into the tab you invoke feedback on (and, when you use "Open in", paste your prompt into the AI chat editor). Runs only on your action, on the active tab. |
storage | Keep your local history, settings, and (optionally) your own API keys on your device. |
unlimitedStorage | Screenshots, voice, and the event log routinely exceed the default 5 MB quota. |
clipboardWrite | The "Copy prompt" action and pasting a captured image into AI chat editors. |
sidePanel | The entire interface is a Chrome side panel. |
contextMenus | Right-click "Add to feedback" on selected text, images, or links. |
favicon | Reads the current site's favicon via Chrome's built-in endpoint to derive a per-domain accent color — no network request. |
Automatic redaction
A privacy filter is on by default. Before any text is stored or exported, Feedzy.ai replaces emails, Luhn-valid card numbers, IBANs, JWTs, and API-key-shaped tokens (Bearer / sk- / pk- / ghp_ and similar) with neutral placeholders. You can install the extension on a work machine without leaking a key into a screenshot or prompt.
Your controls
- Export your data to a JSON file at any time (with the option to strip screenshots).
- Delete any feedback, or clear everything, from the panel.
- Revoke a device's access and rotate your recovery key from the account settings (cloud accounts).
- Regenerate your device id on demand.
- Uninstalling the extension removes all local data.
Data controller
Feedzy.ai is operated by Anthony Fantinati, trading as Blazing Ideas, a sole trader (auto-entrepreneur) established in France, who is the data controller for the optional cloud account. Postal address: 466 Bis chemin de Blazin, 30000 Nîmes, France (SIRET: 515 266 997 00037). You can reach the controller for any privacy matter at privacy@feedzy.ai. When you use the extension purely locally (no account), we process no personal data and there is no controller relationship.
Legal basis for processing (GDPR Art. 6)
- Performance of a contract — processing the routing metadata (sign-in email, device id, event ids, timestamps, sharing graph) needed to deliver the cloud sync and team-sharing you signed up for.
- Consent — creating an account and enabling the cloud is entirely opt-in; you may withdraw at any time by deleting your account or signing out, which stops all server-side processing.
- Legitimate interests — keeping the service secure and preventing abuse (e.g. rate-limiting, device caps). We do not process your data for marketing or profiling.
Data retention
- Local data lives only on your device until you delete it or uninstall the extension; we set no retention period because we never hold it.
- Encrypted cloud events & blobs are retained while your account is active. When you cancel, a grace window applies before the encrypted pool is purged; deleting your account removes them.
- Routing metadata (email, device records, sharing graph) is kept for the life of the account and deleted on account deletion, subject to any short backup-rotation window.
- AI / transcription requests are not stored by us at all — they go directly to the provider whose key you entered; recorded audio is discarded right after transcription.
Your rights under the GDPR
Because the cloud is zero-knowledge, we hold your content only as ciphertext we cannot read — but for the routing metadata we do process, you have the rights to:
- Access — request a copy of the personal data we hold about you (the extension also exports your own data to JSON at any time).
- Rectification — correct inaccurate data (e.g. your display name or email).
- Erasure — delete your account and its data ("right to be forgotten").
- Portability — receive your data in a structured, machine-readable format.
- Restriction / objection — ask us to limit or stop certain processing.
- Withdraw consent — at any time, without affecting prior lawful processing.
- Lodge a complaint — with your local supervisory authority (in France, the CNIL).
To exercise any of these, email privacy@feedzy.ai; we respond within one month.
Contact
Questions or a privacy-affecting bug? Email privacy@feedzy.ai or open an issue on our public repository. Please don't include sensitive content in a bug report.
← Back to Feedzy.ai