VZlyze is a Chrome extension and web service operated by an individual developer based in Morocco. "VZlyze," "we," "us," and "our" all refer to this service. You can reach us at [email protected].
Account information. When you register, we collect your email and a hashed password (or your Google account identifier if you sign in with Google). Plain-text passwords are never stored.
Credit usage data. We keep a server-side ledger of your credit balance, pack purchases, and credit-consumption events. This is needed to run the service.
Screenshots sent to AI (only when you click an analysis or extraction action). When you click Quick Analysis, Deep Research, Compare, Extract Table, Extract Handwriting, or Anonymize, the screenshot is sent to our backend and forwarded to Anthropic's API. The image is processed in memory and discarded once the response is returned. We do not retain it.
Shared screenshots. If you create a share link from an analysis result, the screenshot and AI summary are stored in our database so the link recipient can view them. Shares are deleted automatically after 7 days or 50 views, whichever comes first. Don't share screenshots that contain private or sensitive content.
Payment data. Paddle handles all payments as Merchant of Record. We never see or store your card details. We receive a webhook confirming the purchase and the pack type.
Analytics. Our public marketing pages load Google Analytics to count visits and see which pages bring people to the extension. Our legal pages (Privacy, Terms, Refund) do not load any analytics. See section 06 below.
We do not use your data for advertising, profiling, or sale to third parties.
Anthropic. Screenshots you submit for analysis are sent to Anthropic's API. Deep Research additionally uses Anthropic's built-in web search tool, which may send queries derived from your screenshot content to external search providers via Anthropic. We send only the image and the system prompt; no account identifiers are attached. Governed by Anthropic's privacy policy.
Paddle. Processes all payments as Merchant of Record. Your payment data is governed by Paddle's privacy policy.
MongoDB Atlas. Our database provider. Stores account data, the credit ledger, and active share links.
Railway. Our backend hosting provider. Server logs may include IP addresses.
Resend. Sends our transactional emails (verification, password reset, purchase confirmation). Your email address and the email body pass through Resend. Governed by Resend's privacy policy.
Google. If you choose to sign in with Google, your Google account identifier and email are exchanged through Google's OAuth service, subject to Google's own privacy terms. Our public marketing pages also load Google Analytics (see section 06).
Our public marketing and pricing pages load Google Analytics (gtag.js) so we can count visits and understand which pages bring people to the extension. GA sets cookies and assigns each visitor a randomized client ID. We do not pass your email, name, or any account identifier to GA.
Our legal pages (Privacy, Terms, Refund) do not load Google Analytics at all. The extension itself does not load Google Analytics.
To opt out of Google Analytics across the web, install Google's official Opt-out Browser Add-on, enable Do Not Track in your browser, or use a content blocker. We do not use any other tracking, advertising, or behavioral profiling tools.
Account data is retained for as long as your account is active. If you delete your account, your email, password hash, and credit history are removed within 30 days. Any remaining unused credits are forfeited on deletion, as set out in our Terms of Service.
Shared screenshots are deleted automatically after 7 days or 50 views, whichever comes first. Deletion is enforced at the database level by a TTL index.
Server logs that contain IP addresses are retained by our hosting provider for operational and security purposes and rotated on their schedule.
You may request access to, correction of, or deletion of your personal data at any time by emailing [email protected]. We respond within 10 business days.
Passwords are hashed with bcrypt and never stored in plain text. All API traffic uses HTTPS. Credit operations are validated server-side; client-side values are never trusted for authorization.
We may update this policy from time to time. Changes are posted on this page with an updated date. Continued use of the service after a change constitutes acceptance.
If you are in the EU or UK, the following additional rights apply under the GDPR and equivalent UK law.
Legal basis for processing. We process your personal data on the basis of contractual necessity: your email and account information are required to provide the service you signed up for. Transactional emails are sent on the same basis. Analytics on our public marketing pages is processed on the basis of legitimate interest in understanding aggregate site usage.
Your rights:
We do not transfer personal data to third countries outside services covered by adequate data protection agreements. Anthropic, Paddle, MongoDB Atlas, Railway, Resend, and Google all operate under GDPR-compliant terms.
To exercise any of these rights, email [email protected]. We respond within 10 business days. If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection authority.