🔐

Your Data. Your Browser. Your Rules.

ZDR Chat was built around one conviction: privacy isn't a feature, it's the foundation. Every design decision starts and ends with keeping your data in your hands.

The ZDR Pledge

Zero Data Retention. Zero Compromise.

We collect nothing. We store nothing. We log nothing. Your conversation history lives in your browser's IndexedDB. Your API key is stored locally. We run no servers, maintain no databases, and have no backend — the entire app is a static PWA deployed to Cloudflare Pages. When you close the tab, the connection to the world is gone. Your data remains in your browser, for your eyes only, until you choose to clear it.

Where Your Data Lives

Conversations

Every message lives in your browser's IndexedDB. Organized by conversation, searchable, exportable. Never copied anywhere else.

Your API Key

Stored in localStorage. Read only when making a request. We never see it — not even once.

Preferences

Theme, density mode, model sort — all in localStorage. Persistent across sessions, gone when you clear your data.

The Only Data Flow

There is exactly one network request in ZDR Chat: from your browser to OpenRouter. Nothing more.

🌐 Your Browser

Key from localStorage
Messages from IndexedDB
Sent via HTTPS

HTTPS

🤖 OpenRouter

Receives your request
Streams the response
ZDR enforced

↳ No intermediate servers. No databases. No logging. No analytics.

What Never Happens

✗

No data collection

We don't collect, store, or transmit any usage data, analytics, or telemetry.

✗

No accounts

No sign-up, no user IDs, no profiles. You don't exist in our database because there is no database.

✗

No tracking scripts

Zero analytics, zero pixels, zero cookies. The page loads and that's it.

✗

No data selling

There's nothing to sell — we never have your data in the first place.

Clearing Your Data

Because everything is local, clearing your data is straightforward — and immediate.

1 In the App

Click the settings gear, select Clear All Data, confirm. Every conversation, your API key, and all preferences are gone instantly.

2 In Your Browser

Open DevTools → Application → Clear site data for app.zdr.chat. Same result: everything gone, no traces anywhere.

Enforcing ZDR at the Network Layer

ZDR Chat sends X-ZDR: 1 with every request, but for full enforcement, configure your OpenRouter account:

Enable ZDR at the account level

Visit OpenRouter Privacy Settings and switch on Zero Data Retention. This applies to all requests from your account by default.

Enable the ZDR guardrail

This prevents per-request settings from disabling ZDR. Think of it as a safety catch — if a client accidentally sends X-ZDR: 0, the guardrail blocks it.

With both enabled, every request is ZDR-guaranteed at the network layer. OpenRouter will not log your prompts, responses, or metadata — period.

Third-Party Services

The only external service ZDR Chat connects to is OpenRouter. We use no analytics, no tracking scripts, no CDN fonts, and no external embeds. The site is deployed on Cloudflare Pages, which handles DNS and CDN routing — it does not process your application data.

Privacy isn't a policy — it's the product.

If you have questions, concerns, or ideas, reach out on GitHub.