# ZevGuard Legal Pack

This folder contains the current legal-readiness bundle for ZevGuard.

## Final public documents

- `index.html`: static legal center landing page.
- `PRIVACY_POLICY_IT.md`: Italian Privacy Policy draft.
- `PRIVACY_POLICY_EN.md`: English Privacy Policy draft.
- `PRIVACY_POLICY_ES.md`: Spanish Privacy Policy draft.
- `TERMS_OF_SERVICE_IT.md`: Italian Terms of Service draft.
- `TERMS_OF_SERVICE_EN.md`: English Terms of Service draft.
- `TERMS_OF_SERVICE_ES.md`: Spanish Terms of Service draft.
- `ACCOUNT_DELETION_IT.md`: Italian account deletion request page.
- `ACCOUNT_DELETION_EN.md`: English account deletion request page.
- `ACCOUNT_DELETION_ES.md`: Spanish account deletion request page.
- `DATA_SAFETY_DRAFT.md`: Google Play Data Safety preparation notes.
- `LEGAL_READINESS_CHECKLIST.md`: release checklist.

## Before publishing

1. Replace every `TODO_` placeholder with real publisher/legal details.
2. Confirm the exact backend providers used in production.
3. Confirm whether OpenRouter is called directly or through a backend proxy.
4. Align the Google Play Data Safety form with the final Privacy Policy.
5. Add an in-app account deletion path and a public deletion request URL if accounts are created in-app.
6. Ask a qualified professional to review the drafts before broad release.

## Suggested hosting

Host this folder as static content on a stable public URL, for example:

- Cloudflare Pages
- Firebase Hosting
- GitHub Pages
- Netlify

The Google Play privacy policy URL must be public, active, non-geofenced, and not a PDF.

## Cloudflare Pages direct deploy

From the repository root:

```powershell
npx wrangler login
.\deploy_legal_cloudflare.cmd
```

Default project name: `zevguard-legal`.

Custom project name:

```powershell
.\deploy_legal_cloudflare.cmd -ProjectName "your-project-name"
```

## In-app linking

The app should link to:

- Privacy Policy: `PRIVACY_POLICY_IT.md`, `PRIVACY_POLICY_EN.md`, or `PRIVACY_POLICY_ES.md` depending on language.
- Terms of Service: `TERMS_OF_SERVICE_IT.md`, `TERMS_OF_SERVICE_EN.md`, or `TERMS_OF_SERVICE_ES.md` depending on language.
- Account deletion/help: a public page or support flow controlled by the publisher.

## Security note

Do not ship provider secrets inside the Android APK for public testers. For AI providers and other paid APIs, use a backend proxy with authentication, quota limits, abuse detection, and logging.