Zapext
FeaturesWho is it for?TestimonialsPricingFAQBlog
Sign inStart free

Privacy Policy

Last update: May 20, 2026

This Privacy Policy describes how Zapext ("we", "Zapext") collects, uses, stores and protects personal data of users ("you", "Data Subject"), in compliance with Brazil's General Data Protection Law — LGPD (Law 13.709/2018) and applicable international standards.

1. Controller

Zapext acts as Data Controller of personal data collected through the extension and website. Legal entity details on About. For rights exercise, use channels in Section 11.

2. Personal Data Collected

  • Registration data: name, email, phone, password (cryptographic hash).
  • Payment data: processed exclusively by PCI-DSS certified gateways. Zapext does not store credit card data.
  • Extension usage data: technical logs, browser/OS version. No WhatsApp conversation content collected.
  • Website browsing data: IP, device type, browser, pages visited — via cookies and analytics.
  • Communications: emails and support tickets sent voluntarily.

What we don't collect: the content of conversations you keep on WhatsApp Web through the extension. All message handling occurs locally on your computer, no upload to Zapext servers.

3. Processing Purposes

  • Provide extension and website access;
  • Process payments and manage subscriptions;
  • Technical support;
  • Product improvement (aggregate, anonymous analysis);
  • Account-relevant communications;
  • Fraud prevention and platform security;
  • Legal compliance.

4. Legal Bases (LGPD art. 7)

  • Contract execution;
  • Legal obligation compliance;
  • Legitimate interest;
  • Consent.

5. Sharing with Third Parties

  • Payment gateways (Stripe, Pagar.me, Mercado Pago);
  • Transactional email providers (SendGrid, Resend);
  • Hosting providers (Vercel, Cloudflare);
  • Analytics tools (with opt-out respected);
  • Public authorities when legally required.

We do not sell personal data for marketing purposes.

6. Cookies

We use essential cookies (site functionality), preference cookies (language, login) and, with consent, analytics cookies. Manage preferences via the consent banner or browser settings.

7. Storage and Retention

  • Registration data: while account is active + up to 5 years for legal purposes.
  • Payment data: per fiscal legislation (min. 5 years).
  • Usage logs: up to 6 months.
  • Cookie data: as configured per cookie.

8. Security

HTTPS/TLS in transit, bcrypt password hashing, role-based access, intrusion monitoring, periodic backups, staff security training. Incidents reported to authorities and affected data subjects per LGPD art. 48.

9. Data Subject Rights (LGPD art. 18)

  1. Confirmation of processing;
  2. Access to personal data;
  3. Correction of incomplete or outdated data;
  4. Anonymization, blocking or deletion of unnecessary data;
  5. Portability to another service provider;
  6. Deletion of consent-based data;
  7. Information about data sharing;
  8. Information about consent consequences;
  9. Consent revocation at any time;
  10. Opposition to non-compliant processing.

10. International Transfer

Some infrastructure (hosting, email, analytics) may involve transfer outside Brazil. We require LGPD-equivalent protection from partners (LGPD art. 33).

11. DPO and Contact

To exercise rights, contact our DPO via channels on Contact. Response within 15 days. Complaints can also be filed with the Brazilian National Data Protection Authority (ANPD).

12. Policy Changes

Updates communicated with at least 30 days notice.

13. Minors

Service intended for users 18+. We do not knowingly collect data from minors.

See also: Terms of use.