Last Updated October 9, 2025

Privacy Policy

Your privacy matters to us. This Policy explains what we collect, why we collect it, how we use and share it, and your rights.

1. Introduction

We, ZeroTB, Inc. (“ZeroTB,” “we,” “us,” or “our”), are committed to protecting your personal information. This Privacy Policy describes how we collect, use, and safeguard your personal data when you use our compliance automation platform, website, and related services (the “Service”).

This Policy is designed to comply with major privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

“Personal information” means information that can identify an individual.

We act as a data controller when you use our website or sign up for ZeroTB directly.

If your employer uses ZeroTB, we may act as their data processor.

By using the Service, you agree to this Policy. If you don’t agree, please don’t use ZeroTB.

2. Information We Collect

Summary: We collect information you provide, information collected automatically, and information from trusted third parties.

a. Information You Provide

Account & Contact Data: Name, email, company, job title, password, and any other info you provide during registration or use.

Uploaded Content: Compliance documents, internal data, or other files you input into the platform.

Support & Communications: Emails, chat, or forms you send to us.

Payment: Collected securely through third-party processors (e.g., Stripe).

b. Information We Collect Automatically

IP address, browser, device type, usage logs, and analytics data (e.g., via PostHog).

Cookies and similar technologies (see our Cookie Policy).

Crash and error logs to maintain security and improve performance.

c. Information From Third Parties

If you connect ZeroTB with third-party tools, we may receive data from those integrations (e.g., Google SSO, AWS evidence imports).

We may also use publicly available business information to pre-populate organizational details for onboarding and personalization.

We do not purchase or sell consumer marketing lists.

3. How We Use Your Information

Summary: We use data to operate and improve ZeroTB, communicate with you, and comply with the law.

We use your information to:

Operate and deliver the Service (e.g., account login, policy generation, payment processing).

Personalize onboarding and product experience, including using public business data.

Communicate essential product updates, security alerts, or marketing (with opt-out options).

Secure and protect the platform from abuse or fraud.

Analyze usage to improve functionality and plan product development.

Comply with legal obligations (e.g., record retention, law enforcement requests).

We do not use your personal information for automated decisions that have legal effects.

4. How We Share Information

Summary: We don’t sell your data. We share it only with trusted partners under strict controls or when required by law.

We may share personal information:

With service providers that support our platform (see Subprocessors).

With third parties at your direction, such as integrations you enable.

Within our company group if needed to operate the platform.

In business transactions, like mergers or acquisitions.

When required by law (e.g., subpoenas, legal processes).

With your consent for anything outside the above.

We do not sell personal information. Aggregated or de-identified data may be used for reporting or product insights.

5. International Data Transfers

Summary: If you’re outside the U.S., your data may be transferred here with legal safeguards.

ZeroTB is based in the U.S. and Nepal.

Team Access Outside the U.S.
Some personal data may be accessed by authorized ZeroTB personnel located outside the United States, including our engineering and support team based in Nepal. These team members may access data solely as needed to provide the Service, deliver technical support, or maintain platform security. We apply strict internal security, confidentiality, and access control policies to protect your information, regardless of where our personnel are located. All access is logged and governed by ZeroTB’s data protection standards.

For international transfers, we rely on:

Standard Contractual Clauses approved by the European Commission.

The EU–US Data Privacy Framework for eligible subprocessors.

We ensure transfers are protected as required by law. Where data is accessed from countries not deemed to provide adequate protection, we implement appropriate safeguards consistent with GDPR requirements, including contractual protections and strict access controls.

6. Your Rights and Choices

Summary: You have rights over your data — to access, correct, delete, object, and more.

Depending on your location, you may:

Access and obtain a copy of your data.

Correct or update inaccurate data.

Request deletion of your personal information.

Restrict or object to certain processing.

Opt out of marketing communications.

Request data portability.

Withdraw consent at any time.

To exercise your rights, email us at compliance@zerotb.ai. We may verify your identity before fulfilling requests.

ZeroTB does not discriminate against individuals for exercising their privacy rights.

7. Children’s Privacy

Summary: ZeroTB is not for children under 16.

We do not knowingly collect personal data from anyone under 16. If we learn we’ve collected data from a child, we’ll delete it promptly. Parents or guardians can contact us to request deletion.

8. Data Security

Summary: We use strong technical and organizational measures to protect your data.

TLS encryption in transit

Encrypted storage at rest

Strict access controls & MFA

Monitoring, logging, and regular security testing

Incident response and breach notification protocols

No system is 100% secure. You must also protect your account credentials.

9. Data Retention

Summary: We keep personal data only as long as needed.

Account information is retained while active.

Data is deleted or anonymized upon termination, except where legal obligations apply (e.g., tax, audit logs).

Backups are retained temporarily before deletion.

We retain data only as required for legal, security, or operational reasons.

10. Changes to This Policy

Summary: If we update this Policy, we’ll tell you.

The Effective Date at the top will always reflect the latest version.

We will notify you if we make material changes (e.g., via email or in-app banner).

Continued use of ZeroTB means you accept the updated Policy.

11. Contact Us

ZeroTB, Inc.
2261 Market Street, STE 86549
San Francisco, CA 94114
United States
compliance@zerotb.ai

You can also contact your local privacy regulator if we can’t resolve your concerns, but we encourage you to reach out to us first.
