Privacy Policy

Draft v0.1 — February 26, 2026

1. Scope

This Privacy Policy explains how ZeroTrue collects, uses, stores, discloses, and protects personal data when you use the Service.

It covers account registration, website usage, browser extensions, mobile apps, APIs, Telegram integrations, support interactions, analytics, and report-sharing features.

2. Categories of Data We Collect

Account and identity data: email address, username, OAuth identifiers, Telegram identifiers, organization or workspace details, and similar account information.

Content and report data: text, code, files, URLs, screenshots, images, audio, speech, music, video, prompts, report settings, scores, labels, outputs, and related metadata.

Technical and usage data: IP address, approximate region, device identifiers, browser and OS details, user agent, app version, extension version, API usage logs, timestamps, referring pages, feature usage, and crash or performance data.

Support and communications data: messages, attachments, support tickets, feedback, and survey responses.

Payment and commercial data: if paid features are introduced later, billing-related identifiers and transaction metadata may be collected by us or our payment processors.

3. Sources of Data

Directly from you when you create an account, submit content, generate a report, configure visibility, install an app or extension, contact support, or otherwise use the Service.

Automatically from your browser, device, application, extension, or API client when you interact with the Service.

From third-party services you choose to use for sign-in, platform access, support, analytics, storage, payment, or messaging.

4. Why We Use Personal Data

To provide, operate, maintain, and secure the Service.

To process submitted content and generate reports, scores, and related outputs.

To remember your settings and visibility preferences, including private or share-link report modes.

To detect, prevent, and investigate fraud, abuse, policy violations, security incidents, and illegal activity.

To debug, quality-check, evaluate candidate model performance, improve reliability, and support new model testing.

To communicate with you about service updates, support matters, and legal or policy notices.

To comply with legal obligations and to establish, exercise, or defend legal claims.

5. Legal Bases for EEA and UK Users

Where GDPR or UK GDPR applies, we generally rely on one or more of the following legal bases depending on context: performance of a contract, legitimate interests, consent, and compliance with legal obligations.

Our legitimate interests may include operating the Service, securing systems, preventing abuse, maintaining logs, analyzing reliability, and improving product quality, provided those interests are not overridden by your rights.

6. Public, Shared, and Private Reports

Reports are not publicly listed by default.

If you actively enable or share a report link, anyone with that link may be able to access the linked report until the link is revoked, expires, or the report is deleted.

If you choose a private-check option, sharing may be disabled and shorter retention or deletion settings may apply.

Please do not include unnecessary personal data or sensitive data in content that you intend to share.

7. Model Training and Internal Evaluation

By default, ZeroTrue does not use customer-submitted content to train general-purpose models.

We may use submitted content and report data for internal quality assurance, abuse prevention, security review, debugging, and evaluation of candidate models on the same input under appropriate access controls.

If we later introduce optional training on customer content, we will present that separately and, where appropriate, request opt-in consent.

8. How Long We Keep Data

Source files and raw submitted content are generally retained for no longer than 180 days, unless a shorter period applies or a longer period is reasonably necessary for security, fraud prevention, legal compliance, or dispute resolution.

After that period, source files and raw content may be deleted, aggregated, or irreversibly anonymized.

Reports may remain in a stripped-down or anonymized form without the original files or direct identifiers unless you delete them sooner.

Account records may be kept while your account remains active and for a limited period afterward to support account recovery, security, legal compliance, and recordkeeping.

Security logs, IP logs, user-agent records, deletion records, file hashes, anti-abuse signals, and related metadata may be retained for a limited period where reasonably necessary for fraud prevention, incident response, legal compliance, or the establishment, exercise, or defense of legal claims.

9. Deletion Requests

You may request deletion of your account or personal data using in-product controls or by contacting us.

We will delete or anonymize personal data when required by applicable law, except where we need to retain limited information for security, fraud prevention, legal compliance, dispute resolution, or legal claims.

Backups may persist for a limited time before being overwritten in the ordinary course of business.

10. Cookies and Similar Technologies

We and our service providers may use cookies, local storage, SDKs, pixel tags, and similar technologies for authentication, security, user preferences, analytics, session continuity, diagnostics, and feature delivery.

Where required by law, we will provide notice and obtain consent before using non-essential cookies or similar technologies.

11. How We Share Data

With infrastructure, storage, hosting, analytics, communications, support, security, and payment providers that help us operate the Service.

With other users or the public if you intentionally share a report, publish content, or create a share link.

With professional advisors, auditors, insurers, potential acquirers, or corporate counterparties where reasonably necessary and subject to appropriate safeguards.

With law enforcement, regulators, courts, or other third parties where we reasonably believe in good faith that disclosure is required by law or lawful process, or necessary to prevent harm, fraud, abuse, or legal violations.

12. International Transfers

ZeroTrue currently operates with primary web infrastructure in the United States. Some EEA user content may be stored in EU-region object storage, but account data, support data, analytics, security logs, and some report-related metadata may still be processed in the United States or other countries.

When we transfer personal data internationally, we aim to use lawful transfer mechanisms appropriate to the context, which may include adequacy decisions, Standard Contractual Clauses, or equivalent safeguards.

13. Your Rights

Depending on your location and applicable law, you may have rights to access, correct, delete, restrict, object to certain processing, withdraw consent, request data portability, and lodge a complaint with a regulator.

California residents may have rights to know, delete, correct, and opt out of certain sharing or sale practices where applicable. ZeroTrue does not currently describe its practices as selling personal information in the ordinary sense, but rights will be honored as required by applicable law.

14. Sensitive Data and High-Risk Uses

Please avoid submitting highly sensitive personal data unless necessary for the Service and permitted by law.

You should not rely on the Service alone for legal, academic, employment, disciplinary, credit, insurance, immigration, or other high-impact decisions.

15. Children

The Service is intended only for users aged 18 and older. We do not knowingly offer the Service to children.

16. Security

We use administrative, technical, and organizational measures designed to protect personal data. However, no method of transmission, storage, or processing is completely secure, and we cannot guarantee absolute security.

17. Third-Party Platforms

Your use of Telegram, Google, Apple, browser stores, OAuth providers, and other third-party platforms is subject to their own terms and privacy policies.

Developer platform rules may require additional store disclosures, permission notices, or data-safety labels beyond this Privacy Policy.

18. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted with a revised effective date. Material changes may be communicated through the Service or other reasonable means.

19. Contact

A full legal notice section, controller details, and address will be completed once ZeroTrue formalizes its legal entity. Until then, privacy requests may be submitted through the contact channels published in the Service.