Privacy Policy

Last updated: January 14, 2026

Our Data Protection Commitment

At ZeroLeaks, protecting your data is fundamental to our business. We do NOT store your system prompts or proprietary AI instructions—ever. Our scans are performed in real-time, and only the resulting vulnerability reports and metadata are retained. We do not sell, rent, or trade your personal information to third parties. Your intellectual property remains yours alone.

1. Introduction

ZeroLeaks ("Company," "we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access our website, applications, and services (collectively, the "Services").

This Privacy Policy applies to all users of our Services, including visitors to our website and subscribers to our security assessment services. Please read this policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. Information We Collect

2.1 Personal Information

We may collect the following categories of personal information:

  • Identity Data: Full name, job title, company name, and professional credentials.
  • Contact Data: Email address, telephone number, and business address.
  • Account Data: Username, password, account preferences, and authentication information.
  • Financial Data: Payment card details, billing address, and transaction history (processed securely through our payment processors).
  • Communications Data: Correspondence with our support team and service-related communications.

2.2 Technical Data

When you access our Services, we automatically collect certain technical information:

  • IP address and geographic location
  • Browser type, version, and settings
  • Operating system and device information
  • Referring website or source
  • Pages visited and navigation patterns
  • Date, time, and duration of visits
  • Error logs and performance data

2.3 Security Assessment Data

In the course of providing our security assessment services, we process the following in real-time (but do NOT store):

  • System prompts and instructions (processed in real-time, never stored)
  • Model configurations and parameters (processed in real-time, never stored)
  • API endpoints provided for assessment

We retain only:

  • Vulnerability assessment results and findings
  • Scan metadata (timestamps, severity scores, status)
  • Remediation recommendations

Your system prompts and proprietary AI instructions are NEVER stored on our servers. All prompt analysis occurs in real-time during the scan, and no copies are retained after the assessment completes.

3. How We Collect Information

We collect information through the following methods:

  • Direct Provision: When you register for an account, subscribe to our services, complete forms, or communicate with us.
  • Automated Collection: Through cookies, web beacons, and similar tracking technologies when you interact with our Services.
  • Service Usage: When you submit AI systems for security assessment or use our platform features.
  • Third-Party Sources: From analytics providers, payment processors, and business partners who provide services on our behalf.

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to fulfill our contractual obligations to you.
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our Services and preventing fraud.
  • Legal Compliance: Processing necessary to comply with applicable laws and regulations.
  • Consent: Where you have provided explicit consent for specific processing activities.

5. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve our Services and security assessments.
  • To process subscriptions, payments, and related transactions.
  • To communicate with you regarding your account, services, and support requests.
  • To send important notices, including security alerts and policy updates.
  • To analyze usage patterns and optimize user experience.
  • To detect, prevent, and address technical issues, fraud, and security threats.
  • To comply with legal obligations and enforce our terms.
  • To develop new products, services, and features based on aggregated, anonymized insights.

We do not sell your personal information or AI System Data to third parties for marketing, advertising, or any other purposes.

6. Disclosure of Information

We may share your information only in the following limited circumstances:

  • Service Providers: With trusted third-party vendors who perform services on our behalf, such as payment processing, hosting, and analytics, subject to strict confidentiality agreements.
  • Legal Requirements: When required by law, subpoena, court order, or other legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, where your information may be transferred as a business asset.
  • With Your Consent: When you have explicitly authorized us to share information with specific third parties.

7. Data Security

We implement industry-standard technical and organizational security measures to protect your personal data and AI System Data, including:

  • Encryption of data in transit and at rest (AES-256)
  • Secure access controls and authentication mechanisms
  • Regular security audits and vulnerability assessments
  • Employee training on data protection practices
  • Incident response and breach notification procedures

While we strive to protect your information using commercially reasonable safeguards, no method of transmission or storage is completely secure. We cannot guarantee absolute security of your data.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Account Data: Retained for the duration of your subscription and for a reasonable period thereafter to support reactivation requests.
  • System Prompts: Never stored. Processed in real-time during scans only.
  • Scan Results: Vulnerability reports and metadata retained for the duration of your subscription to enable historical reporting.
  • Financial Data: Retained as required by applicable tax and accounting regulations (typically seven (7) years).
  • Technical Data: Retained for up to twelve (12) months for analytics and security purposes.

9. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Right to Restrict Processing: Request limitation of how we process your personal data.
  • Right to Data Portability: Request transfer of your personal data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at support@zeroleaks.io. We will respond to your request within thirty (30) days.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities and to personalize your experience. Types of cookies we use include:

  • Essential Cookies: Required for the operation of our website and cannot be disabled.
  • Analytics Cookies: Help us understand how visitors interact with our website.
  • Functional Cookies: Remember your preferences and settings.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our Services.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. When we transfer data internationally, we implement appropriate safeguards, including Standard Contractual Clauses approved by relevant authorities, to ensure your data receives adequate protection.

12. Children's Privacy

Our Services are not intended for individuals under the age of eighteen (18). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will take steps to delete such information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we may provide additional notice via email.

We encourage you to review this Privacy Policy periodically. Your continued use of our Services after any changes constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

ZeroLeaks Data Protection Team

Email: support@zeroleaks.io

Website: https://zeroleaks.io

Users in the European Union have the right to lodge a complaint with their local data protection authority if they believe we have not complied with applicable data protection laws.