Privacy Policy

Zyko Platform — ZykoLogin Browser Extension

Last updated: March 12, 2026

Overview

ZykoLogin is a browser extension that enables biometric-authenticated credential filling for web login pages. This privacy policy explains what data the extension collects, how it is used, and how it is protected.

Data Collection

What ZykoLogin collects:

Company configuration: A list of website URLs and CSS selectors provided by your company administrator via the Zyko Portal. This data is stored locally in your browser using chrome.storage.local.

What ZykoLogin does NOT collect:

Passwords or credentials (these are transmitted momentarily during fill and immediately discarded)
Browsing history or visited URLs
Personal information (name, email, etc.)
Cookies or session tokens from any website
Analytics, telemetry, or usage tracking data
Keystrokes or form inputs on any website

Data Usage

The extension uses the stored website configuration solely to:

Determine if the current page matches a company-registered website
Detect login form fields on matching pages
Fill credentials received from the Zyko Platform API after biometric approval

Data Storage

            No credentials are ever stored. Passwords received from the API exist in browser memory only during the fill operation (typically less than 1 second) and are not persisted anywhere.
        

Local only: Company configuration (website URLs and CSS selectors) is stored in chrome.storage.local within your browser.
No remote storage: The extension does not maintain any server-side database of user activity.

Network Communication

The extension communicates only with the Zyko Platform API (https://getzyko.com/api/api.php) for:

Configuration refresh: Downloading the list of registered websites for your company
Authentication requests: Creating QR Code tokens and polling for biometric approval
Credential retrieval: Receiving approved credentials for form filling

All communication uses HTTPS encryption. No data is sent to any third-party service.

Permissions Explained

Permission	Purpose
`activeTab`	Access the current tab's URL to check against registered websites
`storage`	Store company configuration locally across browser sessions
`host_permissions`	Detect login forms on any page, because registered websites are dynamic and company-specific

Why broad host permissions are necessary

Each company configures its own set of websites (CRM, ERP, email, etc.) in the Zyko Portal. These URLs are unique per company and change over time. The extension must detect login forms on any of these websites. Since the URLs cannot be known at development time, the extension requires broad host permissions. However, the extension only takes action on pages matching the company's registered site list.

Data Sharing

ZykoLogin does not share any data with third parties. The only external communication is with the Zyko Platform API as described above.

Data Retention

Company configuration is retained in chrome.storage.local until the user disconnects (logout) from the extension or uninstalls it.
No historical data, logs, or activity records are maintained by the extension.

User Control

Users can at any time:

View which sites are configured via the extension popup
Refresh the configuration from the Zyko Portal
Disconnect (logout) which removes all stored data from the extension
Uninstall the extension, which removes all local data

Children's Privacy

ZykoLogin is designed for enterprise/business use and is not directed at children under 13 years of age.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected in the "Last updated" date at the top of this document.

Contact

For privacy-related questions or concerns:

Website: zyko.pro
Email: privacy@zyko.pro