Privacy Policy

This policy describes the data collected by the HiVietBro browser extension (the "Extension") and the related service at zalo-bridge-api.aleuphoria.workers.dev (the "Service").

Operator

Alexander Nemirov (contact: [email protected]). The Service is hosted on Cloudflare Workers / D1 / KV.

Data we collect

When you sign in with Google OAuth

• Email address (for account identification).
• Display name and avatar URL (shown in the extension popup).
• Google subject ID (a unique identifier for account linking).

When you use translation

• Message text is sent to a third-party AI provider (subprocessor) for translation. After receiving a response, it is not stored in our database. Full subprocessor list available on request at [email protected].
• Metadata — text length, source/target languages, timestamp, sha256 hash of the chat ID — is stored in our database for billing and quotas. Message bodies are not stored.
• Translation cache — anonymized text and its translation are stored in Cloudflare KV under a hashed key, with no link to a specific user. Used as a deduplication cache shared across all users.

Stored locally on your device

• Authorization JWT (in chrome.storage.local).
• AES-GCM encrypted translation cache (IndexedDB). Key derived from a local random seed via PBKDF2.
• Per-chat settings (enabled/disabled, partner language).

Anonymous error reports

The extension sends anonymous technical reports when something fails — this lets us fix bugs quickly (e.g. when Zalo changes its DOM). Reports contain only:

• Extension version, browser type, error type and stack trace.
• Hashed user_id and hashed chat_key (8 hex chars of SHA-256 — cannot be reversed to your email or chat name).
• Length of the message text (number of characters), but not the text itself.
• UI state at the time of the error: which language, translation enabled, whether a sticker is in the input.

Reports never include: message text, contact names, plain email, screenshots. Reports are auto-deleted after 7 days. You can opt out — extension popup → uncheck "Anonymous error reports".

What we do not do

• We do not sell your data to third parties.
• We do not use your messages to train models. Our AI provider also does not use API call data for training by default.
• We do not track activity outside of chat.zalo.me and the extension's pages.
• We do not have access to your Zalo account: the extension layers on top of the official client and does not transmit Zalo passwords or sessions to us.

Third-party data sharing

• AI provider (subprocessor) — message text is sent to a third-party AI provider only at the moment of translation, never stored. Full subprocessor list with their privacy policies available on request.
• Google — for OAuth sign-in. We receive email and name.
• Cloudflare — service hosting. Cloudflare Privacy →

Your rights

You may at any time:

• Delete your account — write to [email protected]; deletion happens within 7 days.
• Clear the local cache — through the extension popup, "clear" button.
• Revoke Google access — via your Google account settings.
• Request a data export — by email.

Storage and protection

• TLS on all connections (Cloudflare).
• JWT secret and API keys are stored as Worker secrets (encrypted at rest).
• Local cache on your device is encrypted with AES-GCM.
• Metadata retention period — 90 days (for billing), then deleted.

Cookies

The site uses only functional cookies (for sign-in). No analytics or advertising trackers.

GDPR / CCPA

If you reside in the EU, UK, or California, you have the right to access, correction, deletion, export, and restriction of processing. Contact: [email protected].

Policy changes

For material changes — we will notify you via email at least 14 days in advance.

Not affiliated with Zalo

HiVietBro is an independent product. Not associated with, endorsed by, or affiliated with VNG Corporation, the owner of Zalo. "Zalo" is a trademark of VNG.