Privacy Policy

Zen Moment — last updated 21 April 2026

Zen Moment is built around a single idea: a calmer new tab. We collect the minimum needed to make that work, nothing more. No tracking, no analytics, no advertising — now or ever.

What we collect

Only if you choose to create an account:

Email address — used as your sign-in identifier.
Password — stored only as a salted hash on our backend. We never see or store your password in plaintext.
Favorite photos — the list of Unsplash photo IDs you've hearted, plus a lightweight snapshot of each photo's public metadata (photographer, URL) so your gallery keeps working even if the original image is removed from Unsplash.

Stored locally on your own device (never sent to us):

Your time-format preference (12h / 24h), via Chrome's storage.sync.
A cached copy of today's background photo, via Chrome's storage.local, so new tabs open instantly.

What we do not collect

No browsing history.
No tab content or open-tab lists.
No analytics pings, heartbeats, or usage metrics.
No advertising identifiers or tracking pixels.
No location data.

How we use your data

To sign you in and keep your session active.
To sync your favorites across devices where you're signed in.
Nothing else. We do not profile you, sell data, or share it.

Where your data lives

Account data (email, password hash, favorites) is stored on our backend hosted by Convex .
Operational request logs kept by our hosting provider may contain IP addresses and timestamps for short-term abuse prevention. These are not used for profiling or advertising.
Local caches (photo, preferences) live only on your device and are wiped if you uninstall the extension.

Third parties

Unsplash — we load the daily photograph from Unsplash's public CDN. Loading the image means Unsplash receives a standard web request with your IP address. See the Unsplash privacy policy.
Convex — our backend hosting provider. See the Convex privacy policy.
We do not use any analytics, advertising, crash reporting, or fingerprinting services.

Retention and deletion

Your account and favorites are kept until you ask us to delete them or delete them yourself.
You can remove individual favorites from the favorites gallery at any time.
To delete your account and all associated data, email us at [email protected] and we'll process the request within 30 days.
You can uninstall Zen Moment at any time from chrome://extensions, which wipes local caches and preferences immediately.

Children

Zen Moment is not directed at users under 13. We do not knowingly collect information from children. If you believe a child has signed up, please contact us and we'll delete the account.

Cookies

Zen Moment does not set or use cookies. Your session token is stored in the extension's own local storage and never leaves your browser except to authenticate requests to our backend.

Security

Passwords are hashed server-side; plaintext passwords are never stored.
All traffic between the extension and our backend uses HTTPS.
Session tokens are scoped to the extension and signed by our backend.

Changes to this policy

We'll update the "last updated" date at the top whenever this policy changes. Material changes will be called out in the Chrome Web Store listing changelog.

Contact

Questions, deletion requests, or privacy concerns: [email protected].