ZeroTwo is committed to protecting your privacy and ensuring your data is handled securely and transparently. This guide explains how we collect, use, store, and protect your information.

Data collection and use

What data we collect

ZeroTwo collects only the data necessary to provide and improve our services:
Collected during signup:
  • Email address
  • Name (optional display name)
  • Password (encrypted, never stored in plain text)
  • Authentication tokens
Purpose: Account creation, authentication, and communication
Retention: Duration of account existence
Includes:
  • Your messages and prompts
  • AI model responses
  • Conversation metadata (timestamps, model used)
  • File attachments and uploads
Purpose: Provide AI responses, maintain conversation context, enable features like conversation history
Retention: Until you delete conversations or close your account
Includes:
  • Extracted biographical information
  • Project contexts and preferences
  • Technical preferences and patterns
  • See How Memory Works
Purpose: Personalize AI responses across conversations
Retention: Until you modify or delete, or close your account
Includes:
  • Feature usage patterns
  • Performance metrics
  • Error logs and debugging information
  • API call frequencies
Purpose: Improve service performance, identify issues, optimize features
Retention: Aggregated anonymously after 90 days
Includes (if subscribed):
  • Payment method details (securely stored by payment processor)
  • Billing address
  • Transaction history
Purpose: Process payments and maintain subscription
Retention: Required duration for financial record-keeping (typically 7 years)
ZeroTwo uses Stripe for payment processing. Credit card details are never stored on ZeroTwo servers—they’re handled entirely by Stripe’s PCI-compliant infrastructure.

What data we don’t collect

ZeroTwo does NOT collect:
  • Passwords in plain text (all encrypted)
  • Payment card details (handled by Stripe)
  • Content of private or deleted conversations
  • Biometric information
  • Location data beyond general timezone
  • Browsing history outside ZeroTwo
  • Social media activity or personal communications

How your data is used

Primary uses

To provide ZeroTwo’s core functionality:
  • Process your prompts with AI models
  • Generate and display responses
  • Maintain conversation context and history
  • Provide Memory and personalization features
  • Enable file uploads and processing
  • Support collaboration in team workspaces

What we don’t do with your data

ZeroTwo will NEVER:
  • ❌ Sell your personal data to third parties
  • ❌ Use your conversations to train AI models without explicit consent
  • ❌ Share your data with advertisers
  • ❌ Read your private conversations unless required for support (with your permission)
  • ❌ Use your data for purposes beyond providing our service
  • ❌ Share data with AI model providers beyond what’s necessary for generating responses

Data storage and security

Storage infrastructure

Encryption
  • At rest: All data encrypted using AES-256 encryption
  • In transit: All connections use TLS 1.3 encryption
  • Backups: Encrypted backups stored in geographically distributed locations
Database security
  • Provider: Supabase (PostgreSQL) with enterprise security
  • Access: Role-based access control, minimal privilege principle
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Compliance: SOC 2 Type II certified infrastructure
File storage
  • Provider: Secure cloud storage with encryption
  • Access control: Per-user access controls, signed URLs for temporary access
  • Scanning: Automated malware and virus scanning on uploads
  • Retention: Files retained according to your conversation retention settings

Data isolation

User data isolation:
  • Your conversations are isolated to your account
  • Team data is isolated to your team workspace
  • No cross-user data access or sharing
  • Strict database-level access controls
  • Regular security audits

Security measures

1. Authentication
  • Secure password hashing (bcrypt with high cost factor)
  • Optional two-factor authentication (2FA)
  • Session management with secure tokens
  • Automatic session expiration

2. Authorization
  • Role-based access control (RBAC)
  • Granular permissions for team features
  • Principle of least privilege
  • Regular permission audits

3. Infrastructure
  • DDoS protection
  • Web application firewall (WAF)
  • Regular security patching
  • Penetration testing
  • Incident response procedures

4. Monitoring
  • 24/7 security monitoring
  • Automated threat detection
  • Audit logging of all access
  • Real-time alerts for suspicious activity

Compliance and regulations

GDPR (General Data Protection Regulation)

ZeroTwo is GDPR-compliant for users in the European Union:
  • Right to access: Request a copy of all your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data (“right to be forgotten”)
  • Right to data portability: Export your data in machine-readable format
  • Right to object: Object to certain types of data processing
  • Right to restriction: Limit how we process your data
To exercise any GDPR rights:
  1. Email: [email protected]
  2. Specify which right(s) you’re exercising
  3. We’ll respond within 30 days
  4. Identity verification may be required
Or use in-app tools:
  • Export data: Settings → Data Export
  • Delete data: Settings → Delete Account
  • Modify data: Settings → Memory Management

CCPA (California Consumer Privacy Act)

For California residents:
  • Right to know: You have the right to know what personal information we collect, use, and share.
  • Right to delete: You can request deletion of your personal information.
  • Right to opt-out: Opt out of the sale of personal information (note: we don’t sell personal information).
  • Right to non-discrimination: We won’t discriminate against you for exercising your privacy rights.

Other compliance frameworks

SOC 2 Type II

Our infrastructure providers are SOC 2 Type II certified, ensuring security, availability, and confidentiality.

HIPAA considerations

ZeroTwo is not HIPAA-compliant. Do not enter protected health information (PHI) in conversations.

PCI DSS

Payment processing compliant through Stripe’s PCI DSS Level 1 certification.

ISO 27001

Our infrastructure follows ISO 27001 information security standards.

Data sharing and third parties

Service providers

We share minimal data with trusted service providers:
Who: OpenAI, Anthropic, Google, etc.
What we share: Your prompts and conversation context
Purpose: Generate AI responses
Protection:
  • No data used for model training (per agreements)
  • Encrypted transmission
  • Minimal data retention by providers
  • No personally identifiable information unless you include it
Be cautious about including sensitive information in prompts, as it’s sent to AI model providers to generate responses.

We don’t share with

Zero sharing with:
  • Advertisers or marketing companies
  • Data brokers
  • Social media platforms
  • Third-party AI model training (without consent)
  • Any party for purposes beyond service delivery

Your privacy controls

In-app privacy settings

1. Access privacy settings
Navigate to Settings → Privacy & Data in ZeroTwo.

2. Control data collection
Options:
  • Enable/disable Memory
  • Control conversation history retention
  • Manage file upload privacy
  • Set data sharing preferences
  • Configure analytics opt-in/out

3. Review permissions
Team settings:
  • Control what team members can see
  • Manage shared conversation visibility
  • Set team Memory permissions

4. Configure communications
Email preferences:
  • Essential notifications (required)
  • Product updates (optional)
  • Marketing communications (optional)
  • Security alerts (recommended)

Data retention controls

Options:
  • Keep indefinitely (default)
  • Auto-delete after 30/60/90 days
  • Manual deletion anytime
  • Bulk deletion by date range
Set in: Settings → Data Retention → Conversations

Data export and deletion

Exporting your data

1. Access data export
Settings → Data Export or Settings → Privacy

2. Select data categories
Choose what to export:
  • Conversations (all or by date range)
  • Memory data
  • Account information
  • File attachments
  • Usage data

3. Choose format
  • JSON (machine-readable)
  • Markdown (human-readable)
  • CSV (spreadsheet-compatible)

4. Generate and download
Export is generated and ready for download. Large exports may be emailed as a secure link.

Deleting your data

  1. Select conversations to delete
  2. Click Delete
  3. Confirm permanent deletion
  4. Data removed immediately from active database
  5. Purged from backups within 30 days
  1. Settings → Memory
  2. Select memories to delete or reset categories
  3. Confirm deletion
  4. See Managing Memory
What happens:
  • All conversations permanently deleted
  • All Memory data removed
  • All files deleted
  • Account closed (cannot be recovered)
  • Subscriptions canceled
  • Username released for reuse after 90 days
How to delete:
  1. Settings → Account → Delete Account
  2. Review implications
  3. Enter confirmation phrase
  4. Confirm with password
  5. Account deleted within 48 hours
Account deletion is permanent and cannot be undone. Export your data first if you might want it later.

Breach notification

In the unlikely event of a data breach:
1. Detection and containment
We detect and contain the breach immediately using automated systems and security protocols.

2. Assessment
Determine scope, affected users, and type of data involved.

3. Notification
  • Affected users notified within 72 hours
  • Regulators notified as required by law
  • Public disclosure if legally required

4. Remediation
  • Implement fixes to prevent recurrence
  • Offer affected users assistance (e.g., credit monitoring if financial data involved)
  • Transparent communication about steps taken

Children’s privacy

ZeroTwo is not intended for users under 13 years of age (or under 16 in the EU). We do not knowingly collect information from children. If you believe a child has provided us with personal information, contact [email protected] immediately.

International data transfers

Data location:
  • Primary data centers: United States (for US users) and EU (for EU users)
  • Backup locations: Geographically distributed, encrypted
  • AI model processing: May occur in provider data centers globally
Protection for international transfers:
  • Standard Contractual Clauses (SCCs) for EU data
  • Privacy Shield successor frameworks where applicable
  • Encryption for all data in transit
  • Contractual protections with all service providers

Updates to privacy practices

We may update our privacy practices occasionally:
1. Notification
You’ll be notified of significant changes via email and in-app notification.

2. Review period
30-day review period before changes take effect for existing users.

3. Consent
Continued use constitutes acceptance. You can delete your account if you disagree with changes.

4. Transparency
All privacy policy versions archived and accessible.

Contact and questions

Data protection officer

For privacy questions or concerns:
Email: [email protected]
Subject line: “Privacy Inquiry” or “Data Protection Request”
Response time: Within 5 business days for acknowledgment, 30 days for complete response

Support channels

Email support

[email protected]
For privacy, security, and data questions

In-app support

Help → Contact Support
For technical and account issues

Documentation

docs.zerotwo.ai
Comprehensive guides and FAQs

Status page

status.zerotwo.ai
Service status and incidents

Additional resources

For the most up-to-date privacy policy and detailed legal information, visit zerotwo.ai/privacy.