Back to Home

Privacy Policy

Last updated: January 2025

Your privacy is our priority. zenGPT is 100% local-first - all your data stays on your device. We never collect, access, transmit, or store your chat conversations, folders, bookmarks, or any personal information on external servers.

Information We Collect

zenGPT operates entirely on your device using a local-first architecture. We collect no data whatsoever:

  • Zero Chat Data Collection: Your ChatGPT conversations are never sent to our servers or any third-party service. All chat organization happens locally in your browser.
  • No Personal Information: We do not collect, store, or transmit names, emails, account IDs, or any personally identifiable information.
  • No Analytics or Tracking: We do not use Google Analytics, tracking pixels, or any telemetry. No usage statistics are collected - not even anonymously.
  • No Server Communication: zenGPT never contacts our servers. The extension only communicates with ChatGPT's official API to fetch your existing conversations.

How Your Data Is Stored

All zenGPT data is stored locally using your browser's built-in storage:

  • Custom Folders: Your folder structure and chat assignments are stored in browser IndexedDB
  • Bookmarks: Bookmarked conversations are flagged in your local database
  • Chat Metadata: Conversation titles, dates, and organization info stored locally
  • User Preferences: Settings and display preferences stored in chrome.storage.local
  • Zero Cloud Storage: Nothing is synced to any remote server - not even to our own servers

We physically cannot access your data because it never leaves your device.

What zenGPT Accesses

zenGPT only interacts with ChatGPT's official APIs to provide its functionality:

  • Conversation List: We fetch your conversation list from ChatGPT's official API to display it in our interface
  • Session Authentication: We use your existing ChatGPT login session (no separate login required)
  • Chat Operations: Renaming, deleting, and opening chats are done through ChatGPT's official endpoints
  • No Message Content: We never read the actual messages inside your conversations - only titles and metadata

All communication goes directly between your browser and ChatGPT. We act as an organizational layer on top of your existing ChatGPT account.

Third-Party Services

zenGPT has minimal third-party interactions:

  • ChatGPT Integration: We fetch your conversation list from ChatGPT's official API. This is the same data ChatGPT already has about you. We add no additional tracking.
  • Chrome Web Store: Installation, updates, and basic extension metrics are managed by Google's Chrome Web Store infrastructure
  • No Analytics Services: We do not use Google Analytics, Mixpanel, Amplitude, or any other analytics platform
  • No Advertising Networks: We do not integrate with any ad networks or marketing platforms

If it's not ChatGPT or the Chrome Web Store, we don't talk to it.

Your Rights and Controls

You have complete control over your data:

  • Export Anytime: Export all your chat data, folders, and bookmarks in HTML or JSON format from the extension
  • Delete Instantly: Uninstalling zenGPT immediately removes all local data from your browser
  • No Account Required: zenGPT works entirely through your existing ChatGPT session - no separate account or registration
  • Full Transparency: All zenGPT code and data operations happen locally in your browser where you can inspect them
  • Data Portability: Exported data is in standard formats (HTML, JSON) that work anywhere

Security

Our local-first architecture provides strong security guarantees:

  • No Server = No Data Breaches: Since we don't have servers storing your data, there's no central database to breach
  • Browser Security: Your data is protected by Chrome's security model, including same-origin policy and encrypted storage
  • Minimal Permissions: zenGPT only requests the minimum permissions needed (access to chatgpt.com and local storage)
  • Content Security Policy: Our extension enforces strict CSP to prevent malicious code injection
  • XSS Protection: All user input is sanitized using DOMPurify library to prevent cross-site scripting attacks
  • Regular Updates: Security patches and improvements are released through Chrome Web Store updates

Children's Privacy

zenGPT is not directed at children under 13. We do not knowingly collect information from children. If you believe a child has used our extension, please contact us.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by:

  • Posting the new policy on this page
  • Updating the "Last updated" date
  • Sending a notification through the extension (for major changes)

Contact Us

If you have any questions about this Privacy Policy or how we handle data, please contact us: