Privacy Policy

ZeroTrace values privacy and security. This Privacy Policy explains how we collect, use, store, and protect personal data when you visit our website, use our dashboard, or use any ZeroTrace service.

We may update this Policy at any time. Changes take effect when posted. Continued use of ZeroTrace means you accept the latest version.

This Policy is informational and not legal advice. Your obligations may differ depending on your jurisdiction and use case.

This Policy applies to:

• Individuals using ZeroTrace (personal accounts)
• Customers purchasing hardware, software, or licenses
• Visitors browsing our website
• Support contacts communicating with our team

If you deploy ZeroTrace in an organization (e.g., internal security testing), you may also need a Data Processing Agreement (DPA).

ZeroTrace is not intended for children under 13 (or under 16 in the EU/EEA). We do not knowingly collect personal data from children. If you believe a child has provided data, contact us so we can remove it.

We may collect the following categories:

• Account data: email, username, account ID, hashed password, authentication/session tokens
• Billing data: billing status, invoices/receipts, payment confirmation (payment processing is handled by third parties like Stripe)
• Support data: messages you send us, attachments you provide, troubleshooting logs you choose to share
• Service/security data: IP address (for security/fraud prevention), timestamps, abuse detection signals, rate-limit logs
• User-provided content (if you enable/submit it): data you upload or synchronize through the Service. This can include security telemetry or event logs depending on the product and configuration.

ZeroTrace processes data on our servers to provide the Service (authentication, storage, synchronization, support handling, abuse prevention, and operational security). This includes processing for international users.

• We process only what is needed to run and secure the Service.
• Access is restricted to authorized personnel and systems on a need-to-know basis.
• We do not sell personal data.

• Provide and maintain account, dashboard, licensing, and delivery functionality
• Process purchases, prevent fraud/abuse, and handle disputes
• Provide customer support and troubleshoot issues
• Secure the Service (logging for security, rate-limiting, monitoring for abuse)
• Comply with legal obligations where applicable

Where GDPR applies, we rely on one or more of:

• Contract: to deliver the Service you request
• Legitimate interests: to secure, improve, and prevent abuse of the Service
• Consent: where you choose to enable optional features or communications
• Legal obligation: where we must retain or disclose information by law

We do not sell your personal data. We share data only with trusted service providers when necessary to operate ZeroTrace (e.g., hosting, email delivery, payment processing like Stripe), or when required by law.

• Service providers act under contractual obligations and access limitations.
• We may disclose information to comply with valid legal process.
• We may challenge overbroad or inappropriate requests when possible.

ZeroTrace supports international users, and your data may be processed or accessed in countries outside your own. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) to protect transferred personal data.

• Encryption in transit (TLS) and access controls
• Least-privilege access and security monitoring
• Operational controls to prevent unauthorized access
• Data minimization where feasible

No system is 100% secure. You use the Service at your own risk.

We retain personal data only as long as necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, and maintain security. Data is deleted or anonymized when no longer needed.

Depending on your location, you may have rights including:

• Access: request a copy of your data
• Rectification: correct inaccurate data
• Erasure: request deletion (subject to legal/security requirements)
• Restriction: limit processing in certain cases
• Objection: object to certain processing
• Portability: receive your data in a portable format (where applicable)
• CCPA/CPRA: additional rights for California residents (we do not sell personal data)

To exercise rights, contact admin@zerotrace.pw.

We may disclose data if required by law, legal process, or to protect the rights, safety, and security of ZeroTrace, our users, or the public. Where possible, we attempt to narrow, challenge, or push back on inappropriate requests.

Privacy questions and requests can be sent to admin@zerotrace.pw.