Privacy Policy
Zero for Outlook Browser Extension
Last Updated: January 2, 2026
Zero for Outlook ("the Extension") is committed to protecting your privacy. This Privacy Policy explains how the Extension handles data when you use it with Microsoft Outlook web applications.
TL;DR - Privacy First:
- ✅ Zero data collection - We don't collect, store, or transmit your email content or personal information
- ✅ No analytics or tracking - No telemetry, cookies, or third-party trackers
- ✅ Local storage only - All settings stay on your device
- ✅ Optional AI features - You control if/when AI is used with your own API key
1. Information We Do NOT Collect
The Extension is designed with privacy as a core principle. We explicitly do not collect, store, or transmit:
- ❌ Email content, subjects, or metadata
- ❌ Email addresses or contact information
- ❌ Browsing history or behavior
- ❌ Personal identifiable information (PII)
- ❌ Analytics, telemetry, or usage statistics
- ❌ Cookies or tracking identifiers
2. Data Stored Locally
The Extension stores the following preferences locally on your device using your browser's storage. sync API:
2.1 User Preferences
- Keyboard shortcuts: Your custom key combinations (e.g., Ctrl+Z for undo)
- Vim navigation toggle: Whether vim-style navigation (h/j/k/l) is enabled
- Dark mode preference: Light or dark theme selection
- Inbox Zero toggle: Whether celebration animations are enabled
- Outlook options bar visibility: Show/hide preference for Outlook's header
- Custom shortcuts: User-defined keyboard shortcuts and their target UI elements
- AI title editing toggle: Whether AI-powered shortcut naming is enabled
2.2 Optional API Key (User-Provided)
- Google Gemini API key: If you choose to use AI-powered features (email summarization or UI element description formatting), you may optionally provide your own Google Gemini API key. This is stored locally in browser storage and is never transmitted to our servers (we don't have servers).
Browser Sync: If you have browser sync enabled (e.g., Firefox Sync or Chrome Sync), your browser may sync these preferences across your devices. This sync is handled entirely by your browser vendor, not by the Extension.
3. Permissions Required
The Extension requires certain permissions to function. Here's exactly why each permission is needed:
3.1 Storage Permission
Why: To save your keyboard shortcuts, preferences, and optional API key locally on your device.
Data: Only the preferences listed in Section 2 above.
3.2 Host Permissions for Outlook Domains
https://outlook.live.com/*https://outlook.office.com/*https://outlook.office365.com/*
Why: To inject keyboard shortcut handlers and interact with Outlook's web interface (clicking buttons, navigating messages, etc.). The Extension only runs on these specific Outlook domains and has no access to other websites.
3.3 Host Permission for Google Gemini API (Optional)
https://generativelanguage.googleapis.com/*
Why: To enable optional AI-powered features:
- Email Summarization: Summarize the currently open email thread
- UI Element Description: Generate user-friendly names for custom keyboard shortcuts
Important Notes on AI Features:
- These features are entirely optional and disabled by default
- They only activate when you explicitly invoke them (via command palette)
- You must provide your own Google Gemini API key
- When activated, email content is sent to Google's Gemini API according to Google's API Terms
- We recommend reviewing Google's Privacy Policy before using these features
4. How Data is Used
All data stored by the Extension is used solely to provide the following functionality:
- Responding to your configured keyboard shortcuts
- Maintaining your preference settings across browser sessions
- Enabling optional AI features when you explicitly invoke them
We do not use your data for any other purpose.
5. Third-Party Services
The Extension does not connect to any third-party services except in the following limited, optional scenarios:
5.1 Google Gemini API (Optional)
When you:
- Provide your own Google Gemini API key, AND
- Explicitly invoke an AI-powered feature (summarization or element description)
... the Extension will send data to Google's Gemini API:
- For email summarization: The visible text content of the currently open email thread
- For element descriptions: Metadata about UI elements (aria-label, tag name, visible text)
This data is sent directly from your browser to Google's API. The Extension developer does not have access to this data.
5.2 No Other Third-Party Services
The Extension does not use:
- ❌ Google Analytics or similar tracking
- ❌ Error reporting services (e.g., Sentry, Bugsnag)
- ❌ CDNs for loading external scripts
- ❌ Social media integrations
- ❌ Advertising networks
6. Data Retention
Your preferences and settings are stored indefinitely in your browser's local storage until you:
- Manually clear them via the Extension's options page
- Uninstall the Extension (which removes all stored data)
- Clear your browser's extension storage/data
The Extension developer never receives or stores any of your data on external servers.
7. Security
The Extension is designed with security best practices:
- ✅ All code is bundled and included in the extension package (no remote code execution)
- ✅ No use of
eval() or dynamic code execution
- ✅ Content Security Policy enforced
- ✅ Minimal permissions requested (only what's necessary)
- ✅ Open-source code available for audit at github.com/lucolvin/zero-for-outlook
8. Children's Privacy
The Extension is not directed at children under the age of 13. We do not knowingly collect personal information from children.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be reflected with an updated "Last Updated" date at the top of this document. Continued use of the Extension after changes constitutes acceptance of the updated policy.
10. Open Source
Zero for Outlook is open-source software. You can review the complete source code, report issues, or contribute at:
GitHub: github.com/lucolvin/zero-for-outlook
11. Your Rights
Since all data is stored locally on your device and we don't collect any data:
- Access: You have full access to your data via your browser's storage inspector
- Deletion: You can delete all Extension data by uninstalling it or clearing browser storage
- Portability: Your settings are stored in standard browser storage format
- No tracking: You are never tracked or profiled
12. Contact Information
13. Compliance
This Extension is designed to comply with:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Mozilla Firefox Add-on Policies
- Chrome Web Store Developer Program Policies