VZlyze is a Chrome Extension and associated web service operated by an individual developer based in Morocco. References to "VZlyze," "we," "us," or "our" refer to this service. You can reach us at [email protected].
Account information: When you register, we collect your email address and a hashed password (or your Google account identifier if you use OAuth). We do not store plain-text passwords.
Credit usage data: We maintain a server-side ledger of your credit balance and transaction history (pack purchases and credit consumption events). This is necessary to operate the service.
Screenshot data (only when you analyze): When you click "Quick Analysis" or "Deep Research," the screenshot is sent to our backend and forwarded to Anthropic's API for processing. The screenshot is not stored on our servers — it is processed in memory and discarded after the response is returned to you.
Payment data: Payments are handled entirely by Paddle, who acts as Merchant of Record. We never see or store your card details. We receive a webhook confirming the purchase and the associated pack type.
We do not use your data for advertising, profiling, or sale to third parties.
Anthropic: Screenshot images are sent to Anthropic's API to generate AI analysis. Anthropic's data handling is governed by their privacy policy. We send only the image and a system prompt — no personal identifiers are included.
Paddle: Handles all payment processing as Merchant of Record. Your payment data is subject to Paddle's privacy policy.
MongoDB Atlas: Our database provider, used to store account and credit data. Data is hosted in secure cloud infrastructure.
Railway: Our backend hosting provider. Application logs may include IP addresses in standard server logs.
We retain your account data for as long as your account is active. If you delete your account, your email, password hash, and credit history are deleted within 30 days. Any remaining unused credits are forfeited upon deletion, as outlined in our Terms of Service.
You may request access to, correction of, or deletion of your personal data at any time by emailing [email protected]. We will respond within 10 business days.
Passwords are hashed using bcrypt and never stored in plain text. All API communication is encrypted over HTTPS. Credit operations are validated server-side — client-side values are never trusted.
We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of the service after changes constitutes acceptance.
If you are located in the European Union or United Kingdom, the following additional rights apply to you under the General Data Protection Regulation (GDPR) and equivalent UK law.
Legal basis for processing: We process your personal data on the basis of contractual necessity — your email address and account information are required to provide the service you signed up for. Transactional emails (verification, password reset) are sent on the same basis.
Your rights:
We do not transfer personal data to third countries outside of services covered by adequate data protection agreements. Anthropic, Paddle, MongoDB Atlas, and Railway all operate under GDPR-compliant terms.
To exercise any of these rights, email [email protected]. We will respond within 10 business days. If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection authority.