Privacy Policy

1. Introduction

ZeroTB, Inc. ("ZeroTB," "we," "us," or "our") is committed to protecting the privacy of individuals who interact with our website, platform and services. This Privacy Policy describes how we collect, use, disclose and safeguard your personal information when you visit zerotb.org, use the ZeroTB security and compliance platform, or otherwise interact with us.

We have designed our services from the ground up with data protection in mind. As a company that helps organizations achieve compliance with frameworks including SOC 2, ISO 27001, HIPAA and PCI DSS, we hold ourselves to the same standards we help our customers achieve.

Please read this Privacy Policy carefully. By accessing or using our services, you acknowledge that you have read, understood and agree to our collection, storage, use and disclosure of your personal information as described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access the site or use our services.

2. Definitions

For the purposes of this Privacy Policy:

Personal Information means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.
Service Data means data that our customers upload, submit, store, send or receive through the ZeroTB platform in the course of using our services, including log data, security telemetry, configuration data and compliance evidence.
Account Data means information you provide when creating or managing a ZeroTB account, including name, email address, organization name and billing information.
Usage Data means information automatically collected about how you access and use the ZeroTB platform, including IP addresses, browser types, referring URLs, pages visited and timestamps.

3. Information We Collect

3.1 Information You Provide Directly

We collect information you provide directly to us, including:

Account registration: When you create an account, we collect your name, email address, password, company name, job title and phone number.
Payment information: When you subscribe to a paid plan, we collect payment card details and billing address. Payment processing is handled by our PCI DSS-compliant payment processor. We do not store full payment card numbers on our systems.
Communications: When you contact us via email, phone or the contact form on our website, we collect the content of your communication and any personal information you include.
Support requests: When you submit a support ticket, we collect your name, email address, account details and the description of your issue.
Survey and feedback responses: When you respond to surveys, provide product feedback or participate in research, we collect the information you provide.

3.2 Information Collected Automatically

When you access our website or platform, we automatically collect certain technical and usage information, including:

Log data: IP address, browser type and version, operating system, referral URLs, pages accessed, time and date of access, time spent on pages and other diagnostic data.
Device information: Information about the device you use to access our services, including hardware model, operating system version, unique device identifiers and mobile network information.
Cookies and similar technologies: We use cookies, web beacons, pixels and similar tracking technologies to collect information about your interactions with our website and platform. See our Cookie Policy for detailed information.
Analytics data: Information about your use of platform features, including features accessed, actions taken, reports generated and integrations configured.

3.3 Service Data

In the course of providing our services, we process Service Data that our customers upload to the ZeroTB platform. This data typically includes security logs, cloud configuration data, access control information and other operational data from our customers' environments. We process Service Data only as directed by our customers and in accordance with our Data Processing Agreement. We do not use Service Data for any purpose other than providing the services requested by our customers.

3.4 Information from Third Parties

We may receive information about you from third parties, including:

Identity verification and fraud prevention service providers
Publicly available databases and sources
Business partners and resellers who refer customers to us
Social networks and platforms, if you choose to connect them to your account

4. How We Use Your Information

We use the personal information we collect for the following purposes:

4.1 Providing and Improving Our Services

Creating and managing your account
Processing transactions and sending related information, including purchase confirmations and invoices
Providing customer support and responding to your inquiries
Sending technical notices, updates, security alerts and administrative messages
Monitoring and analyzing usage patterns to improve our services
Detecting, investigating and preventing fraudulent transactions and other illegal activities
Debugging and fixing issues with the platform

4.2 Communications and Marketing

Sending promotional communications about ZeroTB products, services, features and events that may be of interest to you, subject to applicable marketing laws and your communication preferences
Sending newsletters, security research and industry insights that you have requested
Inviting you to participate in surveys, focus groups and product feedback sessions

You may opt out of receiving promotional communications at any time by following the unsubscribe instructions in any marketing email, or by contacting us at privacy@zerotb.org.

4.3 Legal and Compliance Purposes

Complying with applicable laws, regulations and legal processes
Enforcing our terms and conditions and other policies
Protecting the rights, property and safety of ZeroTB, our customers and the public
Responding to lawful requests from law enforcement and regulatory authorities

5. How We Share Your Information

We do not sell, rent or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analytics, email delivery, hosting services, customer service and identity verification. These service providers are contractually required to use your information only to perform services for us and in accordance with our instructions.

5.2 Business Transfers

If ZeroTB is involved in a merger, acquisition, financing, reorganization, bankruptcy or sale of company assets, your information may be sold or transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

5.3 Legal Requirements

We may disclose your information if we believe disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements.

5.4 Protection of Rights

We may disclose your information if we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property and safety of us or others.

5.5 With Your Consent

We may share information about you with third parties when you give us your consent to do so.

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data and whether we can achieve those purposes through other means, and applicable legal requirements.

When you close your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it for legal or regulatory purposes. Service Data is deleted within 30 days of contract termination, unless a longer retention period is requested by the customer or required by law.

7. Data Security

ZeroTB takes the security of your personal information seriously. We implement a comprehensive set of technical, administrative and physical security measures designed to protect your information against unauthorized access, alteration, disclosure or destruction.

Our security measures include:

Encryption of data at rest using AES-256 and in transit using TLS 1.3
Multi-factor authentication for platform access
Role-based access controls limiting employee access to personal information
Regular penetration testing and vulnerability assessments
SOC 2 Type II certification, audited annually by an independent third party
Formal information security policies and employee security training
Incident response procedures for security breaches

Despite these measures, no security system is impenetrable. We cannot guarantee the absolute security of your information. If you have reason to believe that your interaction with us is no longer secure, please immediately contact us at privacy@zerotb.org.

8. International Data Transfers

ZeroTB is headquartered in the United States. If you access our services from outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your country of residence.

For customers in the European Economic Area (EEA), United Kingdom or Switzerland, we rely on Standard Contractual Clauses approved by the European Commission as the legal basis for international transfers of personal data. We also maintain Privacy Shield certification where applicable and enter into appropriate data processing agreements with our service providers.

9. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information. These may include:

Access: The right to request a copy of the personal information we hold about you.
Correction: The right to request correction of inaccurate or incomplete personal information.
Deletion: The right to request deletion of your personal information in certain circumstances.
Portability: The right to receive your personal information in a structured, commonly used, machine-readable format and to transmit it to another controller.
Objection: The right to object to processing of your personal information for certain purposes, including direct marketing.
Restriction: The right to request restriction of processing of your personal information in certain circumstances.
Withdrawal of consent: Where processing is based on consent, the right to withdraw consent at any time.

To exercise any of these rights, please contact us at privacy@zerotb.org. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

10. Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete that information. If you believe we have collected information from a child under 16, please contact us at privacy@zerotb.org.

11. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect about you, the right to delete personal information we have collected about you, the right to opt out of the sale or sharing of your personal information, and the right to non-discrimination for exercising your privacy rights.

We do not sell personal information as defined under the CCPA/CPRA. To exercise your California privacy rights, contact us at privacy@zerotb.org or write to us at 737 N Michigan Avenue, Suite 1200, Chicago, IL 60611.

12. GDPR Compliance (EU/EEA Residents)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the following additional provisions apply under the General Data Protection Regulation (GDPR) or equivalent local legislation.

Legal Basis for Processing: We process personal data based on one or more of the following legal bases: (a) contract - processing is necessary to perform a contract with you; (b) legitimate interests - processing is in our legitimate business interests; (c) consent - you have provided consent; or (d) legal obligation - processing is necessary for compliance with a legal obligation.

Data Protection Officer: You may contact our Data Protection Officer at privacy@zerotb.org regarding any matters related to the processing of your personal data.

Supervisory Authority: If you believe our processing of your personal data violates applicable law, you have the right to lodge a complaint with the supervisory authority in your country of residence or where the alleged infringement occurred.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements and other factors. When we make material changes to this policy, we will notify you by email (if we have your email address) and by posting a prominent notice on our website prior to the changes taking effect. The date at the top of this policy indicates when it was last revised.

Your continued use of our services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

ZeroTB, Inc.
Attention: Privacy Team
737 N Michigan Avenue, Suite 1200
Chicago, IL 60611
United States

Email: privacy@zerotb.org
Phone: +1 (312) 555-4720