Privacy Policy.
We adhere to a strict Zero-Knowledge architecture. Your data never leaves your device.
Privacy Manifesto
Privacy-First: Your contact database is 100% offline. We use minimal, hashed telemetry for licensing and performance monitoring via Houseof2.Studio.
1. Google Chrome Web Store – Limited Use Disclosure
WaVault's use and transfer of information received from Google APIs to any other app will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.
- Specific Purpose: We only use personal, financial, and location data to provide the core functionality of the extension, specifically for license management, subscription validation, and international tax compliance via our payment partner, Creem.io.
- No Misuse: We do not use or transfer user data to serve advertisements, to determine creditworthiness, or for any purpose unrelated to the core service of the extension.
- No Sale of Data: We do not sell user data to third parties, data brokers, or any other entities.
- Privacy by Design: No humans at Houseof2.Studio or any third party are permitted to read your extracted WhatsApp contact data. All contact extraction happens 100% locally on your device.
2. Introduction and Scope
WaVault ("The Extension") is a professional browser utility designed to help users structure and organize their locally available communication data. This policy defines the mathematical and technical boundaries that protect your information under the stewardship of Houseof2.Studio.
2.1 The "Processing" Disclaimer (GDPR Applicability)
• For WhatsApp Content: Houseof2.Studio is neither a Data Controller nor a Data Processor.
• For Licensing & Support: Houseof2.Studio acts as a Data Controller for the minimal PII (email, hashed identifier) and transaction metadata required to manage your subscription via Creem.io.
3. Zero-Knowledge Architecture
Unlike traditional cloud-based software that uploads "blobs" of user data to a central server, WaVault operates entirely within your browser's Local Runtime Environment.
- Memory-Only Extraction: Data derived from the WhatsApp Web interface is processed in high-speed runtime memory (RAM) using a compiled Rust WebAssembly worker.
- Persistent Local Memory: Our features, such as "Ghost Member Tracking" and contact history retention, are performed by writing encrypted states directly to your device's hard drive. Your contacts and message data stay in the locally encrypted
chrome.storage.localarea. We have no backend API that periodically "phones home" with your contact lists. - WASM Sandbox: All logic is executed in a WebAssembly sandbox, heavily restricted from making unauthorized network requests.
4. Detailed Data Handling Disclosure
To manage Pro licenses and ensure global tax compliance, we process the following data points. This proves our commitment to collecting only what is strictly necessary.
| Data Field | Purpose | Storage Method |
|---|---|---|
| User Identifier (PII) | To bind the Pro license to a specific user. | Stored as a secure SHA-256 Hash. |
| Financial Info | Transaction IDs, Plan ID, and Amount Paid. | Managed by Creem.io. We store only the metadata needed to verify active status. |
| Location Data | To comply with international tax laws (VAT/GST). | Country-level identification only; no GPS tracking. |
| Email Address | For customer support and account recovery. | Stored securely in our encrypted database. |
| Usage & Telemetry | Anonymous usage statistics and technical telemetry to ensure stability. We use Google Analytics 4 and Amplitude with IP masking and do not transmit Personally Identifiable Information (PII) or any contact data to these providers. | Google Analytics 4 / Amplitude / Supabase |
4.1 What We DO NOT Collect
We never upload your leads. They stay on your disk.
We cannot see what you send or receive.
5. Chrome API Permissions
storageSaves leads to your local disk securely.sidePanelRenders the UI next to WA Web.offscreenRuns the Rust WebAssembly extraction engine.scriptingUsed strictly to inject the "Export" button and user interface into the WhatsApp tab.tabsUsed to identify the active WhatsApp tab to ensure the extension only runs where intended.host_permissionsAccess to web.whatsapp.com only.6. Third-Party Data Processing
We use Creem.io as our merchant of record for payment processing and license management. Information such as your name, email, and country is shared with Creem.io solely to process your subscription and fulfill tax obligations. You can view the Creem.io privacy policy on their official website.
| Partner | Role | Jurisdiction |
|---|---|---|
| Creem (creem.io) | Merchant of Record & Payments | Global (PCI Compliant) |
| Supabase | Internal Licensing Database | USA (AWS) |
| Amplitude / GA4 | Anonymous Technical Telemetry | Global (Hashed/Masked) |
7. Global Compliance (GDPR/CCPA) & Lawful Basis
WaVault is designed with "Privacy by Design" from day zero. Because the software operates entirely on your local machine, the extension itself acts solely as a utility.
7.1 User as Primary Data Controller & Liability Holder
Under any applicable global privacy framework or "Law of the Land" (e.g., GDPR, CCPA, DPDP), you (the User) act as the sole Data Controller and/or equivalent responsible entity for the contacts and personal data you extract, track, or retain utilizing WaVault. Houseof2.Studio provides processing capabilities simply as a neutral tool.
For your own local data, you have absolute control:
- Right to Erasure: Uninstalling the extension or clearing your browser cache permanently purges your vault.
- Data Portability: Export your data to CSV format at any time using the built-in "Export" functions.
7.2 Lawful Basis for Telemetry (GDPR Art. 6(1)(f))
We process personal data (technical telemetry and license verification signals) based on our Legitimate Interest in fraud prevention, product stability, and security. We have conducted a balancing test to ensure these interests do not override your fundamental rights and freedoms.
8. Technical Security Standard
We protect your local vault using the same standards used by top-tier financial institutions. All data stored in the browser's local storage is protected by AES-256 encryption at rest, utilizing the operating system's native secure keychain provided by the browser.
If you have any questions regarding these technical safeguards, please reach out to our engineering team.
Security Protocol & Assistance
For technical inquiries or data protection concerns, our security team is available at support@houseof2.studio.