Privacy Policy

Last updated: 12 June 2026

Feedzy.ai is local-first: by default, everything you capture stays in your browser, on your device. An optional account adds zero-knowledge, end-to-end-encrypted cloud sync across your own devices and team sharing — and only then does anything leave your machine for our server, as ciphertext we can never read.

The short version

What stays on your device

By default, 100% of your data lives only on your machine, in your browser's storage:

DataStored in
Your feedback (text + references)chrome.storage.local
Event log (every change you make)IndexedDB
Screenshots & voice recordingsIndexedDB
Your own API keys / tokens (Anthropic, OpenAI, GitHub) — encrypted at restchrome.storage.local / IndexedDB
Device/environment metadata per feedback (browser, OS, screen, hardware class, network type, language, timezone) — for context onlyIndexedDB event log
Profile (device id, display name, email, consent toggles) — optionalchrome.storage.sync

When data leaves your device

Every outbound request is triggered by an explicit action you take, and uses a key, token, or account you control. The full list:

ActionGoes toWhat is sent
"Open in" an AI (Claude, ChatGPT, Gemini, …)that AI's official website (new tab)Your formatted prompt only
"Summarize" / "Triage" / "Correct"api.anthropic.comYour prompt (auto-redacted) + the Anthropic key you entered
Voice note transcriptionapi.openai.comThe audio you just recorded + the OpenAI key you entered; audio is not retained after transcription
GitHub file/folder pickerapi.github.comRead-only repository reads + the GitHub token you entered
Cloud sync & team sharing — only after you sign inapi.feedzy.ai (+ Cloudflare R2, EU)OPAQUE sign-in (your email, never your password) + your feedback events end-to-end encrypted; encrypted screenshot/voice blobs are stored on Cloudflare R2 in the EU
"Send to VS Code"127.0.0.1 (your own machine)The prompt + screenshots, to a local companion app you run — never over the network
Database bridge (only if you configure one)your own serverA signed request (operation name + arguments) — never your prompt, keys, or personal data

The optional cloud account (zero-knowledge)

If — and only if — you create an account and sign in, Feedzy.ai syncs your feedback across your own devices and enables team sharing. This is opt-in; the default experience sends nothing to our server.

Third-party services & sub-processors

Data we never collect

We do not collect analytics or usage telemetry, do not phone home for update checks or remote config, do not read the cookies or storage of sites you visit, do not read your browsing history, and do not inject ads or modify foreign pages beyond the capture/picker overlays you invoke. We never sell or transfer your data to third parties, never use it for unrelated purposes, and never use it to determine creditworthiness or for lending.

Permissions, and why

PermissionWhy it's needed
<all_urls> host accessThe element picker, screenshot capture, and error breadcrumbs must work on whatever page you choose to give feedback about. Access is gated by your click (the activeTab model) — the extension does not act on pages you haven't invoked it on.
activeTabCapture the current tab after you click Capture.
scriptingInject the element picker, screenshot, and error-monitor scripts into the tab you invoke feedback on (and, when you use "Open in", paste your prompt into the AI chat editor). Runs only on your action, on the active tab.
storageKeep your local history, settings, and (optionally) your own API keys on your device.
unlimitedStorageScreenshots, voice, and the event log routinely exceed the default 5 MB quota.
clipboardWriteThe "Copy prompt" action and pasting a captured image into AI chat editors.
sidePanelThe entire interface is a Chrome side panel.
contextMenusRight-click "Add to feedback" on selected text, images, or links.
faviconReads the current site's favicon via Chrome's built-in endpoint to derive a per-domain accent color — no network request.

Automatic redaction

A privacy filter is on by default. Before any text is stored or exported, Feedzy.ai replaces emails, Luhn-valid card numbers, IBANs, JWTs, and API-key-shaped tokens (Bearer / sk- / pk- / ghp_ and similar) with neutral placeholders. You can install the extension on a work machine without leaking a key into a screenshot or prompt.

Your controls

Data controller

Feedzy.ai is operated by Anthony Fantinati, trading as Blazing Ideas, a sole trader (auto-entrepreneur) established in France, who is the data controller for the optional cloud account. Postal address: 466 Bis chemin de Blazin, 30000 Nîmes, France (SIRET: 515 266 997 00037). You can reach the controller for any privacy matter at privacy@feedzy.ai. When you use the extension purely locally (no account), we process no personal data and there is no controller relationship.

Legal basis for processing (GDPR Art. 6)

Data retention

Your rights under the GDPR

Because the cloud is zero-knowledge, we hold your content only as ciphertext we cannot read — but for the routing metadata we do process, you have the rights to:

To exercise any of these, email privacy@feedzy.ai; we respond within one month.

Contact

Questions or a privacy-affecting bug? Email privacy@feedzy.ai or open an issue on our public repository. Please don't include sensitive content in a bug report.

← Back to Feedzy.ai