Back

Privacy Policy

Last updated: May 25, 2026

This privacy policy explains how Dupe Zappa handles data when you use the Windows desktop app and the Dupe Zappa website.

Controller

MerginIT e.U.
Jonas Fröller
Nussboeckstrasse 92
4060 Leonding
Austria
Email: jonas@merginit.com

Dupe Zappa Desktop App

Dupe Zappa is designed to run locally on your Windows device. The app does not include advertising, third-party tracking, or analytics, and we do not sell personal information.

When you choose files or folders, the app accesses the selected local files only to provide its features, such as duplicate detection, search indexing, disk usage analysis, junk file detection, smart tagging, face grouping, and AI-assisted rename suggestions.

Depending on the features you use, the app may store local app data on your device, such as settings, selected tool paths, scan results, file metadata, hashes, operation history, local search indexes, OCR text, thumbnails, face embeddings, face groups, and smart tags. This data is stored on your device for app functionality and is not sent to MerginIT e.U.

Optional Network Features

Some optional features can contact services that you choose or install. The built-in Ollama integration talks to your local Ollama service, typically on your own device. If you configure a custom AI API endpoint, Dupe Zappa sends the file context needed for AI rename suggestions to that endpoint. You are responsible for the endpoint you configure and should review its privacy practices before using it.

Face recognition model downloads, optional external tool download links, and local model setup actions may connect to third-party sites such as Hugging Face, Ollama, or the official websites of optional tools. Optional update checks and installer or package tooling may also contact Microsoft, GitHub, Cloudflare, or package providers to deliver downloads. Those services process requests under their own policies.

Windows OCR and Local Processing

OCR features use local Windows OCR support and local helper scripts when available. OCR output is used for local search and AI context features you enable. If OCR-dependent features are unavailable, the app disables those settings instead of silently sending data elsewhere.

Website

The Dupe Zappa website provides product information, legal pages, and browser-based demo tools. Hosting providers, browsers, and security infrastructure may process standard technical data such as IP address, request time, URL, user agent, and error logs to deliver the website and protect it from abuse.

The website may use Cloudflare services, including cookie-free performance analytics and network security reporting. Cloudflare may process request metadata, page URL, referrer, user agent, browser performance timings, and similar technical data to provide hosting, security, caching, and analytics for the website. Website analytics are separate from the desktop app; the desktop app does not include third-party analytics.

If you use the browser-based demo tools, selected files and folders are processed in your browser to provide the tool you requested. Depending on the tool, this can include reading file names, relative paths, file contents for hashing, image fingerprints, metadata, EXIF camera data, GPS metadata, and generated export data. Dupe Zappa's browser tools do not upload those selected files, contents, file names, or tool results to MerginIT e.U.; results remain in your browser unless you choose to download or export them.

Legal Bases and Recipients

Where GDPR applies, website processing is based on our legitimate interests in delivering, securing, improving, and understanding the website, or on steps needed to provide downloads, support, and product information you request. Recipients may include hosting, security, analytics, app store, download, package, and user-configured service providers. For optional services you configure, such as a custom AI endpoint, that provider is responsible for its own processing.

Retention and Deletion

Local app data remains on your device until you delete it, reset app settings, delete indexes from inside the app, or remove the app data folder. Uninstalling the app removes the application, but depending on the installer version and your Windows configuration, it may leave local settings, indexes, caches, models, and operation history behind so you can reinstall without losing local state. Data sent to user-configured third-party or local services is controlled by those services.

Your Rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, withdraw consent where processing is based on consent, and receive a portable copy of personal information where portability applies. You may also have the right to lodge a complaint with a data protection authority, including the Austrian Data Protection Authority if you are in Austria. For requests, contact jonas@merginit.com.

Children

Dupe Zappa is not directed to children and is not intended to collect personal information from children.

Changes

We may update this privacy policy when Dupe Zappa changes. The updated version will be published on this page with a new effective date.