Privacy Policy

This policy describes the data collected by the HiVietBro browser extension (the "Extension") and the related service at zalo-bridge-api.aleuphoria.workers.dev (the "Service").

Operator

Alexander Nemirov (contact: [email protected]). The Service is hosted on Cloudflare Workers / D1 / KV.

Data we collect

When you sign in with Google OAuth

• Email address (for account identification).
• Display name and avatar URL (shown in the extension popup).
• Google subject ID (a unique identifier for account linking).

When you use translation

• Message text is sent to the Anthropic Claude API for translation. After receiving a response, it is not stored in our database.
• Metadata — text length, source/target languages, timestamp, sha256 hash of the chat ID — is stored in our database for billing and quotas. Message bodies are not stored.
• Translation cache — anonymized text and its translation are stored in Cloudflare KV under a hashed key, with no link to a specific user. Used as a deduplication cache shared across all users.

Stored locally on your device

• Authorization JWT (in chrome.storage.local).
• AES-GCM encrypted translation cache (IndexedDB). Key derived from a local random seed via PBKDF2.
• Per-chat settings (enabled/disabled, partner language).

What we do not do

• We do not sell your data to third parties.
• We do not use your messages to train models. Anthropic Claude API does not use API call data for training by default.
• We do not track activity outside of chat.zalo.me and the extension's pages.
• We do not have access to your Zalo account: the extension layers on top of the official client and does not transmit Zalo passwords or sessions to us.

Third-party data sharing

• Anthropic — message text is sent to the Claude API for translation. Anthropic Privacy →
• Google — for OAuth sign-in. We receive email and name.
• Cloudflare — service hosting. Cloudflare Privacy →

Your rights

You may at any time:

• Delete your account — write to [email protected]; deletion happens within 7 days.
• Clear the local cache — through the extension popup, "clear" button.
• Revoke Google access — via your Google account settings.
• Request a data export — by email.

Storage and protection

• TLS on all connections (Cloudflare).
• JWT secret and API keys are stored as Worker secrets (encrypted at rest).
• Local cache on your device is encrypted with AES-GCM.
• Metadata retention period — 90 days (for billing), then deleted.

Cookies

The site uses only functional cookies (for sign-in). No analytics or advertising trackers.

GDPR / CCPA

If you reside in the EU, UK, or California, you have the right to access, correction, deletion, export, and restriction of processing. Contact: [email protected].

Policy changes

For material changes — we will notify you via email at least 14 days in advance.

Not affiliated with Zalo

HiVietBro is an independent product. Not associated with, endorsed by, or affiliated with VNG Corporation, the owner of Zalo. "Zalo" is a trademark of VNG.