Privacy Policy.

1. Introduction and Scope

WaVault ("The Extension") is a professional browser utility designed to help users structure and organize their locally available communication data. This policy defines the mathematical and technical boundaries that protect your information.

2. Zero-Knowledge Architecture

Unlike traditional cloud-based software that uploads "blobs" of user data to a central server, WaVault operates entirely within your browser's Local Runtime Environment.

• Memory-Only Extraction: Data derived from the WhatsApp Web interface is processed in high-speed runtime memory (RAM) using a compiled Rust worker.
• Isolated Storage: Your data stays in the chrome.storage.local area. We have no backend API that periodically "phones home" with your contact lists.
• WASM Sandbox: All logic is executed in a WebAssembly sandbox, heavily restricted from making unauthorized network requests.

3. Data Collection

We follow the principle of Data Minimization. We only collect what is strictly necessary to maintain your license:

• Account Authentication: Your email and license key are stored as unique identifiers on our license server (Creem.io) to activate Pro features.
• Anonymous Crash Logs: We receive basic telemetry (e.g., "Export failed on Chrome v120") to maintain app stability. These logs remain strictly anonymous.

3.1 Analytics and Usage Data

To improve product quality and user experience, WaVault uses Google Analytics 4 to collect anonymous usage statistics. All analytics data is completely anonymous and cannot be linked to you personally.

Data We Track:

• Feature Usage: Which features you interact with (scan, export, search, tab switches)
• User Properties: Account tier (free/premium), contact volume category (small/medium/large), theme preference (light/dark/system)
• Session Metrics: Session duration and engagement time
• Technical Context: Extension version, browser type, operating system

What We Explicitly Do NOT Track:

• Contact names, phone numbers, or WhatsApp messages
• Your IP address or precise geolocation
• Any personally identifiable information (PII)
• Your browsing history outside of WaVault

4. Chrome API Permissions

To operate locally, WaVault requires explicit access to certain browser primitives:

• storage: To save your processed leads to your machine's disk.
• sidePanel: To provide the user interface alongside your communication window.
• offscreen: Required to run the Rust/WASM processing core without slowing down your computer.
• host_permissions: Restricted only to web.whatsapp.com to allow the local extraction bridge to function.

5. Trusted Subprocessors

We work with a minimal set of industry-leading partners to deliver the service:

• Chrome Web Store: Handles the secure delivery of extension code and updates.
• Creem (creem.io): Acts as our Merchant of Record. They handle all financial transactions using PCI-compliant systems. We do not store credit card numbers.
• Google Analytics 4 (Google LLC): Processes anonymous usage analytics. You can opt out at any time.

6. Global Compliance (GDPR/CCPA)

WaVault is designed with "Privacy by Design" from day zero. This gives you absolute control:

• Right to Erasure: Because the data is local, you can exercise this right at any time by simply uninstalling the extension or clearing your browser cache. This permanently purges your vault.
• Data Portability: You can export your data to CSV format at any time using the built-in "Export" functions.

7. Technical Security Standard

We protect your local vault using the same standards used by top-tier financial institutions. All data stored in the browser's local storage is protected by AES-256 encryption at rest, utilizing the operating system's native secure keychain provided by the browser.

If you have any questions regarding these technical safeguards, please reach out to our engineering team.