1. Overview
Zoho CRM Deluge Assistant is a Chrome extension built by Aaxonix Tech for Zoho CRM developers. It provides static code analysis, AI-powered code review, schema-aware autocomplete, an impact radar for workflow dependencies, and optional GitHub version control — all running inside the Zoho CRM interface.
This policy explains what data the extension collects, how it is used, where it is stored, and which third-party services receive it.
2. Data Collected
The extension collects only the data required to deliver its features. No data is collected passively or in the background.
CRM Schema Snapshot
- Module names and field API names from your Zoho CRM organisation
- Custom function names and the workflow automations that reference them
- Your Zoho CRM Organisation ID and Organisation name
This data is delivered to the extension by a Zoho CRM widget running inside the CRM interface via the browser's postMessage API. The extension makes no direct API calls to Zoho CRM.
Deluge Source Code
- The content of the Deluge function open in the CRM editor, read at the moment you trigger an action (e.g. clicking "Analyse" or "Commit to GitHub")
- The function name and editor context (e.g. custom function, workflow function)
User-Configured Credentials
- Your AI provider API key (Anthropic, OpenAI, or a custom endpoint URL)
- Your GitHub personal access token, repository owner, repository name, and branch
- Your preferred AI model and provider selection
Data Not Collected
- CRM records (leads, contacts, accounts, deals, or any record data)
- Zoho login credentials or session tokens
- Browsing history or activity outside Zoho CRM editor pages
- Usage analytics, telemetry, or crash reports
- Any data from websites other than Zoho CRM domains
3. How Your Data Is Used
| Data | Purpose |
|---|---|
| CRM schema snapshot | Powers schema-aware autocomplete, validates module and field names in static analysis, and builds AI prompt context |
| Deluge source code | Runs local static analysis; sent to your configured AI provider for code review; committed to your GitHub repository |
| AI API key | Authenticates requests sent directly from your browser to the AI provider you selected |
| GitHub token and repo details | Authenticates and writes code commits to the GitHub repository you configured |
All AI and GitHub actions are triggered only by explicit user actions (button clicks). The extension never sends data automatically or in the background.
4. Data Storage
| Data | Where It Is Stored | Scope |
|---|---|---|
| CRM schema snapshot | chrome.storage.local (on your device) |
Local — not synced across devices |
| AI provider, API key, model, custom URL | chrome.storage.sync (Chrome's encrypted sync storage) |
Synced across your signed-in Chrome devices via Google's infrastructure |
| GitHub token, owner, repo, branch, project list | chrome.storage.sync (Chrome's encrypted sync storage) |
Synced across your signed-in Chrome devices via Google's infrastructure |
No data is stored on any server owned or operated by Aaxonix Tech. Data stored in chrome.storage.sync is subject to Google's Privacy Policy.
5. Data Sharing — Third-Party Services
The extension shares data with the following third-party services only when you explicitly trigger the relevant feature. You configure which services are active in the extension Options page. If you do not configure a service, no data is sent to it.
| Third Party | Data Sent | Trigger | Privacy Policy |
|---|---|---|---|
Anthropic (Claude API)api.anthropic.com |
Deluge code (up to 1,500 lines), function name, CRM module and field names as prompt context, your Anthropic API key | Clicking "Analyse + AI" or "Explain" with Claude selected as AI provider | anthropic.com/privacy |
OpenAIapi.openai.com |
Deluge code (up to 1,500 lines), function name, CRM module and field names as prompt context, your OpenAI API key | Clicking "Analyse + AI" or "Explain" with OpenAI selected as AI provider | openai.com/policies/privacy-policy |
| Custom LLM endpoint (URL you provide) |
Deluge code, function name, CRM module and field names, your API key for that endpoint | Clicking "Analyse + AI" or "Explain" with a custom provider configured | Governed by the privacy policy of your chosen provider |
GitHubapi.github.com |
Deluge code content, function name, Organisation ID, project name, commit message, your GitHub personal access token | Clicking the "Git" button to commit code, or viewing or restoring git history | GitHub Privacy Statement |
No data is shared with Aaxonix Tech. The extension does not relay data through any intermediary server. All API calls go directly from your browser to the service listed above.
6. Permissions Justification
| Permission | Why It Is Needed |
|---|---|
storage |
Store the CRM schema snapshot locally and save user settings (AI provider, API keys, GitHub credentials) |
sidePanel |
Display analysis results and Git controls in the Chrome side panel |
activeTab / tabs |
Identify the active Zoho CRM tab so the extension knows which page to inject into |
scripting |
Inject scripts into the CRM editor page (MAIN world) to access the CodeMirror editor object and read or write Deluge code |
*.zoho.com and regional variants |
Required to run the content script and read the editor across all Zoho CRM regional domains |
api.anthropic.com, api.openai.com, api.github.com |
Required for the browser to make direct API calls to AI providers and GitHub on your behalf |
7. Data Retention
- The CRM schema snapshot is stored in your browser until you clear it manually or uninstall the extension.
- Settings and credentials in
chrome.storage.syncare retained until you remove them in Options or uninstall the extension. - Aaxonix Tech does not retain any of your data as no data is sent to us.
- Data sent to third-party AI providers is subject to their own retention policies. See the links in Section 5.
- Data committed to GitHub is retained in your repository until you delete it.
8. Data Security
- All network requests made by the extension use HTTPS.
- API keys and tokens are stored in Chrome's built-in sandboxed storage, protected by your device's OS-level security.
- The extension does not log, transmit, or expose credentials to any party other than the specific API endpoint they authenticate.
9. Children's Privacy
This extension is intended for professional software developers. It is not directed at children under the age of 13. Aaxonix Tech does not knowingly collect personal data from children.
10. Changes to This Policy
If we make material changes to this policy, we will update the effective date at the top of this page and publish the revised policy at the same URL. Continued use of the extension after changes are posted constitutes acceptance of the updated policy.
11. Contact
For questions or concerns about this privacy policy or how the extension handles your data, contact us at:
- Company: Aaxonix Tech, Pune, Maharashtra, India
- Email: hello@aaxonix.com
- Website: aaxonix.com
- Contact page: aaxonix.com/contact.html