1. Introduction
We, ZeroTB, Inc. (“ZeroTB,” “we,” “us,” or “our”), are committed to protecting your personal information. This Privacy Policy describes how we collect, use, and safeguard your personal data when you use our compliance automation platform, website, and related services (the “Service”).
This Policy is designed to comply with major privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
“Personal information” means information that can identify an individual.
We act as a data controller when you use our website or sign up for ZeroTB directly.
If your employer uses ZeroTB, we may act as their data processor.
By using the Service, you agree to this Policy. If you don’t agree, please don’t use ZeroTB.
2. Information We Collect
Summary: We collect information you provide, information collected automatically, and information from trusted third parties.
a. Information You Provide
- Account & Contact Data: Name, email, company, job title, password, and any other info you provide during registration or use.
- Uploaded Content: Compliance documents, internal data, or other files you input into the platform.
- Support & Communications: Emails, chat, or forms you send to us.
- Payment: Collected securely through third-party processors (e.g., Stripe).
b. Information We Collect Automatically
- IP address, browser, device type, usage logs, and analytics data (e.g., via PostHog).
- Cookies and similar technologies (see our Cookie Policy).
- Crash and error logs to maintain security and improve performance.
c. Information From Third Parties
- If you connect ZeroTB with third-party tools, we may receive data from those integrations (e.g., Google SSO, AWS evidence imports).
- We may also use publicly available business information to pre-populate organizational details for onboarding and personalization.
- We do not purchase or sell consumer marketing lists.
3. How We Use Your Information
Summary: We use data to operate and improve ZeroTB, communicate with you, and comply with the law.
We use your information to:
- Operate and deliver the Service (e.g., account login, policy generation, payment processing).
- Personalize onboarding and product experience, including using public business data.
- Communicate essential product updates, security alerts, or marketing (with opt-out options).
- Secure and protect the platform from abuse or fraud.
- Analyze usage to improve functionality and plan product development.
- Comply with legal obligations (e.g., record retention, law enforcement requests).
We do not use your personal information for automated decisions that have legal effects.
5. International Data Transfers
Summary: If you’re outside the U.S., your data may be transferred here with legal safeguards.
ZeroTB is based in the U.S. and Nepal.
Team Access Outside the U.S.
Some personal data may be accessed by authorized ZeroTB personnel located outside the United States, including our engineering and support team based in Nepal. These team members may access data solely as needed to provide the Service, deliver technical support, or maintain platform security. We apply strict internal security, confidentiality, and access control policies to protect your information, regardless of where our personnel are located. All access is logged and governed by ZeroTB’s data protection standards.
For international transfers, we rely on:
- Standard Contractual Clauses approved by the European Commission.
- The EU–US Data Privacy Framework for eligible subprocessors.
We ensure transfers are protected as required by law. Where data is accessed from countries not deemed to provide adequate protection, we implement appropriate safeguards consistent with GDPR requirements, including contractual protections and strict access controls.
6. Your Rights and Choices
Summary: You have rights over your data - to access, correct, delete, object, and more.
Depending on your location, you may:
- Access and obtain a copy of your data.
- Correct or update inaccurate data.
- Request deletion of your personal information.
- Restrict or object to certain processing.
- Opt out of marketing communications.
- Request data portability.
- Withdraw consent at any time.
To exercise your rights, email us at compliance@zerotb.ai. We may verify your identity before fulfilling requests.
ZeroTB does not discriminate against individuals for exercising their privacy rights.
7. Children’s Privacy
Summary: ZeroTB is not for children under 16.
We do not knowingly collect personal data from anyone under 16. If we learn we’ve collected data from a child, we’ll delete it promptly. Parents or guardians can contact us to request deletion.
8. Data Security
Summary: We use strong technical and organizational measures to protect your data.
- TLS encryption in transit
- Encrypted storage at rest
- Strict access controls & MFA
- Monitoring, logging, and regular security testing
- Incident response and breach notification protocols
No system is 100% secure. You must also protect your account credentials.
9. Data Retention
Summary: We keep personal data only as long as needed.
- Account information is retained while active.
- Data is deleted or anonymized upon termination, except where legal obligations apply (e.g., tax, audit logs).
- Backups are retained temporarily before deletion.
We retain data only as required for legal, security, or operational reasons.
10. Changes to This Policy
Summary: If we update this Policy, we’ll tell you.
The Effective Date at the top will always reflect the latest version.
We will notify you if we make material changes (e.g., via email or in-app banner).
Continued use of ZeroTB means you accept the updated Policy.
11. Contact Us
ZeroTB, Inc.
2261 Market Street, STE 86549
San Francisco, CA 94114
United States
You can also contact your local privacy regulator if we can’t resolve your concerns, but we encourage you to reach out to us first.