Zloth icon Zloth

Privacy Policy

Last updated: 2/21/2026

This Privacy Policy describes how Zloth ("we," "us," or "our") collects, uses, and shares information when you use the Zloth Chrome extension, our website, and related services (the "Service").

Overview

  • We collect only what we need to provide summaries, sync, and credits.
  • We do not sell your data and do not use it for personalized advertising.
  • We share data only with service providers and for legal, security, or business-transfer reasons.
  • You can delete summaries and folders in the extension, and request account deletion by email.

Information We Collect

  • Account data: Email address and basic profile details used to create and manage your account.
  • Authentication: OAuth access and refresh tokens to keep you signed in. Tokens are stored locally on your device and used to authenticate API requests.
  • Video data you choose to summarize: YouTube video URL, title, thumbnail, duration, prompt type, custom prompt text (if provided), folders, read status, and generated summaries.
  • Usage and credits: Request timestamps and credit ledger events to enforce free/premium limits and show remaining credits.
  • Service logs: IP address, user agent, timestamps, and error logs for security, debugging, and abuse prevention.
  • Payments: Stripe processes payment information. We do not store card numbers. We may store Stripe session/customer identifiers and plan status.
  • Timezone: Used to localize account features such as credit resets.

How We Use Information

  • Provide authentication, summaries, and cross-device sync.
  • Operate free and premium credit limits and show balances.
  • Process payments and manage subscriptions through Stripe.
  • Maintain security, prevent abuse, and troubleshoot issues.
  • Improve the Service using aggregate and error data.

Sharing and Disclosure

  • Service providers: Supabase (auth/database), hosting providers, Google (OAuth), Stripe (payments), and AI model providers used to generate summaries. They process data only to provide the Service.
  • Legal and safety: We may disclose information to comply with law, enforce terms, or protect rights, property, or safety.
  • Business transfers: If we enter a merger, acquisition, or asset sale, data may transfer as part of that transaction.
  • No sale / no advertising use: We do not sell your data and do not use it for personalized, interest-based, or retargeted advertising.

Security

  • Data is transmitted over HTTPS.
  • Tokens are stored locally on your device; backend data is protected by our providers with appropriate controls.
  • We apply access controls and least-privilege principles to our services.

Data Retention and Deletion

  • We retain account and summary data while your account is active to provide the Service.
  • You can delete summaries and folders in the extension at any time.
  • You can request account deletion by contacting us (see Contact below).
  • Some logs may be retained for security, fraud prevention, and legal compliance.

Your Choices and Rights

  • Access, correct, or delete your summaries and folders in the extension.
  • Request access, correction, or deletion of account data by contacting us.
  • Sign out at any time to stop new data from being associated with your account.

Chrome Web Store “Limited Use” Commitments

  • Data and permissions are used only to provide and improve summarization, folders, credits, and sync.
  • Data is shared only with service providers, for legal compliance, or for business transfers.
  • We do not use or transfer data for personalized advertising.
  • Human access is limited to support, security, legal compliance, or aggregated/anonymized operations.

Permissions We Request (Purpose-Limited)

  • activeTab: Interact with the current YouTube tab after you click the extension.
  • tabs: Find open youtube.com tabs to send updates. We do not read general browsing history.
  • storage: Save settings, summaries, folders, and auth tokens on your device.
  • identity: Google sign-in via Supabase to authenticate your account.
  • windows: Open OAuth and Stripe checkout/billing windows.
  • Host permissions: YouTube to show the summarize button; backend/API domains for summaries and sync; Google OAuth; Stripe for payments. We request the minimum scope needed.

Data We Do Not Collect

  • We do not collect general web browsing history; only the YouTube video URLs you choose to summarize.
  • We do not collect keystrokes, mouse movements, or personal communications.
  • We do not collect health information or store payment card numbers.

International Transfers

  • Your information may be processed where our providers operate, and we rely on recognized safeguards as applicable.

Children’s Privacy

  • The Service is not intended for children under 13. If you believe a child provided information, contact us to delete it.

Changes to This Policy

  • We may update this policy and will revise the “Last updated” date above. We may provide additional notice for material changes.

Contact