Enterprise Security with Browser Simplicity
ZHERO processes everything locally in your browser. Your Zscaler configuration never leaves your environment, and we never store your sensitive data.
Privacy-first by architecture
ZHERO is a Chrome extension that operates entirely within your browser. This is not a policy choice we ask you to trust: it is how the product is built. There are no backend servers processing your configuration, no cloud pipeline, no copy of your policies sitting in someone else's database.
ZHERO is a Chrome extension that operates entirely within your browser environment:
- No backend processing: ZHERO has no servers that receive or process your configuration
- No data storage: your policies and settings are never saved on ZHERO systems
- Local analysis: scoring, reports and security findings are computed client-side
- Direct communication: the extension talks to your Zscaler tenant through the authenticated session you already established, over the same secure HTTPS connection
- Browser sandbox: Chrome’s security model isolates the extension from the rest of your system
ZHERO never sends any of the following to its servers:
- Configuration data or policy details
- URL lists or categories
- User information
- IP addresses or locations
- Traffic data or logs
- Security settings
- Any Zscaler configuration content, of any kind1
The only data sent to ZHERO servers is what license validation requires:
- Customer name
- Cloud name (for example "zscaler.net")
- Primary domain (for example "acme.org")
- User count, for license sizing
- License expiration date
- Administrator name and email
This minimal data is:
- Transmitted over an encrypted HTTPS connection
- Sent only during license checks, on page load
- Stored securely with encryption at rest
- Never shared with third parties
- Deletable upon request, in line with GDPR
For regulated and security-conscious organizations, this architecture removes the hardest question in every vendor review: your sensitive data never leaves your control, so there is nothing for a third party to protect on your behalf.
Third-party services we use
ZHERO relies on a minimal set of operational services, and none of them ever receives configuration data:
Feature flag management and controlled rollouts. It receives only the administrator email and customer name, used for segmentation.
Error logs and crash reports that help us improve stability. Reports contain stack traces and browser information; any sensitive Zscaler configuration data is explicitly redacted.
These services receive only the minimal information necessary for their function. All sensitive configuration data remains excluded from any error reports or service communications.
Future features with optional server communication
As ZHERO evolves, some optional capabilities may involve communication with our servers to enable their functionality. Any such capability will always be:
- Opt-in by default: you must explicitly enable it
- Completely blockable: it can be disabled at any time
- Transparently documented: any data transmission is clearly disclosed
- Privacy-preserving: minimal data sharing, only when necessary
Each capability that requires server communication will be clearly marked, and you will always keep complete control over your data privacy preferences.
ZHERO requests only the browser permissions it needs to read the Zscaler admin console you are already authenticated to. It does not ask for access to your other tabs, your history, or anything beyond its job. The extension uses your existing authenticated Zscaler session: no additional credentials to create, store, or protect.
We take the security of ZHERO itself seriously. If you believe you have found a weakness in the product, report it to security@zhero.ai. We acknowledge reports within two business days.

Want an independent verification? You're in control.
You do not have to take our word for any of this. Because ZHERO is a browser extension, its entire network activity can be audited with the developer tools you already have.
Trust, but verify:
Ready to see for yourself?
Our security team will personally walk you through the verification process, showing you exactly how to audit ZHERO's network activity and confirm every claim on this page.
Schedule a Verification SessionFrequently Asked Questions