Privacy Policy

Last updated: January 18, 2026

Zazus ("we", "our", or "us") is committed to protecting your privacy in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). This Privacy Policy explains how we collect, use, and safeguard your information when you use our Chrome extension and related services.

        The Short Version
        Your data is encrypted on your device — we cannot read your templates or any content you create
We don't track your keystrokes — trigger detection happens locally, nothing is transmitted
We don't sell your data — we have no ads, no analytics tracking, no third-party data sharing
Your data stays in Canada — all servers are located in Canada
You control your data — access, export, correct, or delete everything at any time

      

Accountability

In accordance with PIPEDA's accountability principle, we have designated a Privacy Officer responsible for our compliance with this policy and Canadian privacy law.

Privacy Officer

Name: Sophian
Title: Privacy Officer & Developer
Email: privacy@zazus.ca
Address: Montréal, Québec, Canada

All privacy inquiries, access requests, and complaints should be directed to the Privacy Officer.

Information We Collect

Sources of Information

We collect personal information directly from you when you:

Create an account (email address)
Create templates and data lists (encrypted content)
Configure your settings and preferences
Contact us for support

We do not collect personal information about you from third parties.

Account Information

When you create an account, we collect your email address for authentication purposes. This is stored securely by our authentication provider (Supabase) on servers located in Canada.

Encrypted User Content

Your templates, data lists, and settings are encrypted on your device using AES-256-GCM encryption before being uploaded to our servers. The encryption key is derived from your password using PBKDF2 with 100,000 iterations. We never have access to your encryption key or decrypted content.

This encrypted content includes:

Templates you create (trigger, name, content, fields)
Data lists (names, columns, row data)
Your settings and preferences

What We Do NOT Collect

        We Never Collect:
        Keystrokes or text you type (trigger detection happens locally)
Clipboard contents (only read locally when you use the clipboard feature)
Browsing history or website content
Patient information, medical records, or any data you expand
Usage analytics or behavioral tracking
Device fingerprints or advertising identifiers

      

Purposes for Collection

We identify and document our purposes for collecting personal information before or at the time of collection. We collect and use your information solely for:

Authentication: To verify your identity when you sign in
Service delivery: To store your encrypted data so you can access it across devices
Support: To respond if you contact us with questions or issues

We do not use your information for advertising, profiling, or any purpose other than providing the service. We will not use your personal information for any new purpose without first obtaining your consent.

Consent

By creating an account and using Zazus, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. You may withdraw your consent at any time by:

Deleting your account through the extension settings
Contacting our Privacy Officer to request account deletion

Please note that withdrawing consent may affect our ability to provide the service to you.

Data Storage and Security

Zero-Knowledge Architecture

Zazus uses a zero-knowledge encryption model. Your data is encrypted with a key derived from your password before it leaves your device. We store only the encrypted blob — we cannot decrypt it, and neither can anyone who gains unauthorized access to our servers.

Data Location — No Cross-Border Transfers

All data is stored exclusively on servers located in Canada, operated by Supabase (Canadian region). Your personal information is not transferred outside of Canada. This ensures compliance with Canadian privacy regulations including PIPEDA.

Security Safeguards

We protect your personal information with security safeguards appropriate to the sensitivity of the information:

Technical measures: AES-256-GCM encryption, PBKDF2 key derivation (100,000 iterations), TLS encryption in transit
Organizational measures: Limited access to personal information, privacy training
Physical measures: Secure data center facilities (managed by Supabase)

Automatic session timeout and no plain-text storage of passwords or encryption keys provide additional protection.

Chrome Extension Permissions

Zazus requests the following browser permissions:

        Permission Explanations
        
            <all_urls> — Required to detect your trigger words in any text field on any website. 
            We do NOT read or transmit page content; we only listen for your specific triggers.
          
            clipboardRead — Only used when you include the clipboard placeholder in a template. 
            Content is read locally and never transmitted.
          
            storage — To save your templates and settings locally on your device.
          
            activeTab — To insert your expanded text into the current input field.

Disclosure to Third Parties

We do not sell, rent, or share your personal information with third parties for their marketing or other purposes.

We may disclose information only in these limited circumstances:

Third Party	Purpose	Data Shared
Supabase (Canada)	Authentication & encrypted data storage	Email address, encrypted blobs
Law enforcement	Legal compliance	As required by law, court order, or governmental regulation

Service providers process data on our behalf under strict contractual obligations to protect your information.

Your Rights Under PIPEDA

Under Canada's Personal Information Protection and Electronic Documents Act, you have the following rights:

        Your Privacy Rights
        Right to Access: You may request access to the personal information we hold about you
Right to Correction: You may challenge the accuracy and completeness of your information and have it corrected
Right to Know: You may ask how your information has been used and to whom it has been disclosed
Right to Withdraw Consent: You may withdraw your consent to our collection, use, or disclosure of your information
Right to Complain: You may challenge our compliance with PIPEDA

      

How to Exercise Your Rights

To exercise any of these rights, you may:

Self-service: Access, export, or delete your data directly within the Zazus extension Settings page
Contact us: Email our Privacy Officer at privacy@zazus.ca with your request

When submitting a request, please provide sufficient information to identify yourself and specify what information or action you are requesting. We will respond to your request within 30 days as required by PIPEDA. Access to your personal information is provided free of charge.

Challenging Compliance

You have the right to challenge our compliance with PIPEDA. If you believe we have not handled your personal information appropriately, please follow these steps:

Contact our Privacy Officer: Email privacy@zazus.ca with details of your concern. We will investigate and respond within 30 days.
Escalate to the OPC: If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada:

Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec K1A 1H3
Toll-free: 1-800-282-1376
Website: www.priv.gc.ca

Data Retention

We retain your personal information only as long as necessary to fulfill the purposes for which it was collected:

Active accounts: Data is retained while your account is active
Account deletion: All associated data is permanently deleted from our servers within 30 days of account deletion
Local data: Data on your device persists until you clear it manually or uninstall the extension

When personal information is no longer needed, it is securely destroyed or anonymized.

Children's Privacy

Zazus is not intended for use by children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact our Privacy Officer immediately and we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

Updating the "Last updated" date at the top of this page
Displaying a notice within the Zazus extension for significant changes

Your continued use of Zazus after changes constitutes acceptance of the updated policy.

Open Source

Zazus is open source software. You can review our code to verify our privacy practices at:
git.sophian.cc/sophian/MedText

Note: The repository is currently private. Contact us for access.

Questions or Concerns?

If you have any questions about this Privacy Policy, want to exercise your rights, or have a complaint, please contact our Privacy Officer:

Email: privacy@zazus.ca
Response time: Within 30 days