Privacy Policy

1. Information We Collect

We collect personal information you provide when you sign in and submit a security audit request, and a limited amount of technical information automatically when you visit the site.

From your account when you sign in:

• Name
• Email address
• Authentication provider identifier (e.g. GitHub user ID) where applicable

From the audit request form:

• Company or organization name (optional)
• Telegram username
• Primary timezone
• GitHub repository URL, and, if you choose to connect the GitHub App for a private repository, an access token scoped to the repositories you authorize
• Timeline preference (including whether you flag the request as a rush order)

Automatically:

• IP address, browser type, device type, and pages visited — logged by our hosting provider for security and basic operation

2. How We Use Your Information

We use the information you provide to:

• Review, scope, and respond to your audit request
• Contact you via email or Telegram about your request
• Access the GitHub repository you authorize, solely to assess and conduct the audit
• Operate, secure, and improve the site

3. Sale or Sharing of Personal Information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising or targeted advertising purposes.

4. Cookies & Tracking

This website does not use advertising cookies, tracking pixels, or third-party advertising scripts. Essential cookies may be used to keep you signed in and to maintain your session while you complete an audit request. These do not track you across other websites.

5. Third-Party Services

We rely on the following third-party services to operate the site and deliver our work:

• Vercel (hosting) — serves the website and logs IP addresses for security
• GitHub — when you sign in with GitHub or connect the GitHub App, GitHub processes your authentication and grants us access to the repositories you authorize
• Telegram — if you provide a Telegram username, we may message you there to coordinate the engagement
• Our email provider — used to reply to your request

These providers process information under their own privacy policies and security commitments.

6. Data Retention

Audit request submissions and related correspondence are retained for the duration of any resulting engagement and for a reasonable period afterwards for follow-up, recordkeeping, and legal obligations. Server and security logs are retained on a short rolling window. You may request deletion of your data at any time, subject to limited exceptions where we are required to retain it.

7. Your Rights

Depending on where you live, you may have the right to:

• Know what personal information we hold about you and how it is used
• Access a copy of your personal information
• Correct inaccurate personal information
• Request deletion of your personal information
• Request portability of your personal information
• Opt out of any future communications from us
• Be free from discrimination for exercising these rights
• Appeal a denial of any of these requests

To exercise any of these rights, email sales@zerocool.ai from the address associated with your account, or contact us using the form on this site. We will verify your request before responding.

8. Global Privacy Control

We recognize the Global Privacy Control (GPC) browser signal as a valid opt-out request. When your browser sends a GPC signal, we treat it as an opt-out of any sale or sharing of personal information, regardless of whether we are otherwise selling or sharing it.

9. Sensitive Personal Information

We do not knowingly collect sensitive personal information (such as government ID numbers, precise geolocation, biometric data, or financial account credentials). Please do not include any sensitive personal information in repositories or messages you share with us.

10. Children

This site and our services are not directed to children under 16, and we do not knowingly collect personal information from children.

11. EU & UK Visitors

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the following applies in addition to the rights above.

Our lawful bases for processing are: performance of a contract or steps taken at your request (when you submit an audit request and we evaluate or carry out the engagement); and legitimate interests in operating and securing the site.

You have the right to access, rectify, erase, restrict, or port your personal information, to object to processing based on legitimate interests, and to lodge a complaint with your local supervisory authority.

Personal information is processed and stored in the United States. We rely on the small-scale, occasional-processing exemption in Article 27(2)(a) GDPR and have not appointed an EU representative. EU and UK clients engaging Zero Cool for an audit will receive a separate Data Processing Agreement at the contract level.

12. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be reflected on this page with a new revision date, and where appropriate we will notify you directly.

13. Contact

Questions about this privacy policy or how we handle your data: sales@zerocool.ai.