Privacy Policy for ZK Email

Effective Date: 10/4/2024


ZK Email (“we,” “our,” or “us”) is committed to safeguarding your privacy and ensuring that your data remains secure and private when using our service. This Privacy Policy explains how we collect, use, and protect your information when you use ZK Email, a privacy-preserving system that allows you to selectively prove the sender, receiver, or contents of emails without exposing sensitive data.

1. Information We Collect
ZK Email only processes the specific email data you choose to share for proof generation. This includes:

Email Metadata: Sender, receiver, subject line, and timestamp of the email you are proving.
Email Content: Only the specific parts of the email you choose to reveal (e.g., Twitter username, mention of a name, etc.). All other parts of the email remain private.
OAuth Authentication: If integrating with third-party email providers (e.g., Gmail), ZK Email requests read access to your emails and metadata solely to generate proofs. The access scope is strictly limited to what's needed to perform these functions.

2. How We Use Your Data
ZK Email uses your data exclusively for proof generation. Here's how:

Proof Creation: We enable you to prove the contents of an email while concealing the parts you don't want to disclose.
Temporary Data Processing: If you choose to generate proofs server-side, raw email data is temporarily stored for the duration of proof generation and deleted immediately afterward.
Client-Side Privacy: When generating proofs client-side, no email data is stored on our servers. All proof generation happens locally on your device.

3. Data Storage and Retention
Client-Side Processing: ZK Email does not store any data on our servers during client-side proof generation. All email data remains on your device, ensuring full privacy.
Server-Side Processing: If server-side proof generation is required, raw email data is temporarily processed and stored until the proof is generated. After the proof is created, the raw data is immediately deleted. The resulting proof may be stored on-chain or off-chain, depending on your requirements.
Analytics: We use privacy-preserving analytics via tinfoil.sh, an MPC (Multi-Party Computation) based system that performs analytics without storing any individual session data. As a result, ZK Email does not require cookie banners or any invasive tracking.

4. Third-Party Access
ZK Email does not sell or rent your data under any circumstance. We share your email data with third parties in the following circumstances:

Proof Verification: If the proof needs to be pushed on-chain (e.g., to verify email ownership or content), the disclosed data will be available on the blockchain, where it will remain immutable.
Service Providers: We may work with trusted partners (e.g., cloud infrastructure providers) to facilitate server-side proof generation. These partners are contractually obligated to comply with our privacy policies.

5. Security Measures
We employ robust security measures to protect your data:

Zero-Knowledge Proofs: Our system uses advanced cryptography to ensure that only the email content you explicitly reveal is exposed. Everything else remains private.
Encryption: All data transmissions are encrypted, ensuring that any email data being transferred is secured.
Client-Side Proving: For maximum privacy, ZK Email allows users to generate proofs entirely on their own device, meaning no data is shared with ZK Email servers unless explicitly consented to.

6. Consent and Control
You have full control over the data ZK Email processes:

OAuth Authorization: If you connect an email provider (e.g., Gmail) to ZK Email, we request explicit permission to access only the emails required to create proofs.
Proof Generation Consent: You must manually consent to temporary storage of email data if server-side processing is necessary. This is clearly indicated in the user interface (UI).
Blockchain Consent: If you choose to push proofs on-chain, ZK Email will prompt for your explicit consent before publishing any email-related data on a blockchain.

7. Your Rights
You have the right to:

Withdraw Access: You can revoke access to your email account at any time through the OAuth settings of your email provider.
Data Deletion: ZK Email will delete any temporary raw email data once the proof generation process is complete. We store no personal data unless it is explicitly included in a proof you chose to push to the blockchain.
Transparency: You can request information on any data ZK Email has processed or stored for proof generation.

8. Changes to This Policy
We may update this Privacy Policy from time to time. When changes are made, we will notify users by posting the revised policy on our website, and changes will take effect immediately.

9. Contact Us
For any questions or concerns regarding your privacy, feel free to reach out to us at:

Email: admin@prove.email
Company: Ivy Research, LLC

This Privacy Policy is designed to comply with privacy standards, including Google's OAuth requirements, ensuring that ZK Email accesses only the necessary data for its privacy-preserving features without retaining or exposing sensitive information.