This policy describes what data the ZendIQ browser extension collects, why, and how it is handled. We've written it to be readable, not just legally defensible.
ZendIQ is a browser extension for Chrome and Brave that provides real-time risk analysis for Solana swaps on Jupiter, Raydium, and pump.fun. Both extensions are provided by the ZendIQ project and are fully open source:
For questions about this policy, contact us at privacy@zendiq.ai.
Both ZendIQ Lite and ZendIQ Pro send anonymous usage events to our backend
(zendiq-backend.onrender.com). Every event is identified by an install_id
— a UUID-v4 generated on first install and stored locally in chrome.storage.local.
No wallet address, no name, no email, and no IP address is ever stored.
There are seven event categories:
Install — fired once on fresh install or extension update
| Field | Why |
|---|---|
| OS (windows / mac / linux) | Understand platform distribution |
| Browser (brave / chrome) | Understand browser distribution |
| Locale (e.g. "en-US") | Aggregate language distribution — no sub-region precision |
| Country (2-char ISO derived from browser locale) | Understand global reach — not from geolocation |
| Reason (install / update) + previous version | Track upgrade paths |
Session — fired when a wallet is detected on page load and on page close
| Field | Why |
|---|---|
| Type (start / end) | Measure session duration |
| Wallet adapter name (e.g. "phantom") | Which wallets are most used — never the public key |
| DEX site (jup.ag / raydium.io / pump.fun) | Which DEX the session was on |
Trade — fired after the user makes a swap decision (optimise, proceed, or cancel)
| Field | Why |
|---|---|
dex | Which DEX executed the trade |
input_mint | Token sold — needed to measure routing gain accuracy |
output_mint | Token bought — needed for risk signal accuracy |
trade_usd | Trade size in USD — capped at $50k (Lite) / $500k (Pro) |
user_action | What the user chose: optimised / proceeded / cancelled |
success | Whether the transaction landed on-chain |
tx_sig | Transaction signature — deduplication + on-chain verification. Publicly visible on Solana block explorers. |
risk_score | Overall risk score (0–100) at time of decision |
bot_risk_score | MEV / sandwich risk score (0–100) |
token_risk_score | Output-token risk score (0–100) |
net_benefit_usd | Estimated routing gain minus fees at time of sign |
routing_gain_usd | Raw routing gain vs Jupiter's concurrent quote |
mev_value_usd | Statistical MEV protection value from Jito tip |
fees_usd | Priority fee + Jito tip cost |
jito_tip_lamports | Jito tip used — verifiable on-chain |
profile | Which protection profile was active |
auto_sign | Whether auto-accept fired |
exec_path | Which route was used: zendiq / jupiter / raydium |
route_chosen | Route type: AMM / RFQ / gasless / bundle |
failure_reason | Human-readable failure description (≤80 chars) when success=false |
data_json | Extra fields not in fixed columns — future-proofs schema (≤4KB) |
Not collected: wallet public key, full transaction bytes, counterparty wallet.
MEV detection — fired when detectSandwich() identifies a sandwich attack around a user swap
| Field | Why |
|---|---|
tx_sig | Transaction signature of the user swap being attacked — deduplication; publicly visible on Solana |
detected | Whether an attack was confirmed |
loss_usd | Estimated USD loss from the attack — measures real-world impact |
loss_bps | Attack severity in basis points |
attacker_hash | SHA-256 of attacker wallet, truncated to 12 hex chars — not sufficient to reconstruct the full wallet address |
method | Detection method: vault_neighbor / bonding_curve_pda / front_run_only |
time_to_detect_s | How quickly ZendIQ identified the attack — measures detection latency |
prevented_count | Attacks in the same block that Jito tips blocked |
Not collected: user wallet address, transaction bytes, victim identity beyond the public tx signature.
Error — fired when an internal error degrades protection (wallet hook failure, injection failure, RPC failure)
| Field | Why |
|---|---|
category | Error class (e.g. wallet_hook, rpc, injection) — routes alerts |
detail | Human-readable description (≤120 chars) — no stack traces, no user data |
rpc_endpoint | Which RPC endpoint failed — diagnoses provider reliability |
latency_ms | RPC latency — diagnoses slow-provider issues |
dex | Which DEX context the error occurred in |
Funnel — key UX steps in the widget flow
| Field | Why |
|---|---|
event | widget_shown / quote_fetched / sign_clicked / cancel_clicked / auto_signed |
dex | Which DEX |
widget_render_ms | Widget render latency — UX performance metric |
Measures where users drop off between "widget appears" and "trade optimised" without any user-identifying data.
Heartbeat — at most once per UTC calendar day on service-worker wake
| Field | Why |
|---|---|
day | Calendar date (YYYY-MM-DD) — deduplication key: one install = one heartbeat/day |
site | Which DEX site triggered the wake |
Powers DAU/WAU/MAU metrics without any persistent user identifier beyond install_id.
We do not use this data for advertising, profiling, or any purpose beyond the above.
tx_sig) are collected for trade and MEV events.
A transaction signature is a public on-chain identifier — visible to anyone on Solana
block explorers (Solscan, SolanaFM, etc.). It does not contain your wallet address, trade amounts,
or personal data. We store it solely for deduplication (preventing double-counting) and
on-chain quote accuracy verification.
Events are stored in a SQLite database on our backend server hosted at Render.com (US region). Render's infrastructure privacy policy is available at render.com/privacy.
We retain event data for 12 months, after which it is automatically purged. Aggregated counts (totals with no individual event rows) may be retained indefinitely.
We do not sell, rent, or share individual event data with any third party. The only external services that receive data as part of a normal extension session are:
These are read-only lookups. ZendIQ does not send wallet addresses or trade data to any of these services.
ZendIQ stores the following data locally in your browser using
chrome.storage.local:
Heartbeat event to once per day)This data stays on your device and is never transmitted to our backend. You can clear it at any time via Chrome's extension storage settings.
ZendIQ Pro is live on the Chrome Web Store as of April 2026 and uses the same seven event categories and the same privacy guarantees as Lite. No wallet address or public key is ever transmitted by Pro.
Pro's trade events include additional fields not present in Lite:
Pro's MEV detection events include the same attacker hash (12-char SHA-256 truncation, not reconstructable) and add the Jito bundle state and on-chain confirmation status.
Pro uses the same install_id
as Lite — there is no separate Pro account or identity.
ZendIQ events do not contain personal data as defined under GDPR or equivalent regulations.
The install_id
cannot be linked to any individual. Transaction signatures are public on-chain identifiers.
There is therefore nothing to access, correct, or delete on an individual basis.
If you believe data was sent in error or have a privacy concern, contact us at privacy@zendiq.ai. We will investigate and respond within 30 days.
If you are in the EU/EEA and believe we have processed personal data about you, you have the right to lodge a complaint with your local data protection authority.
We will update this page when our data practices change. The "Last updated" date at the top of this page reflects the most recent revision. Significant changes will also be disclosed in the extension's release notes.
Both ZendIQ Lite and ZendIQ Pro are fully open source. You can inspect exactly what data is collected and when in each repository:
src/utils/analytics.js,
src/scripts/page-interceptor.js
scripts/page-analytics.js,
scripts/page-interceptor.js