Privacy Policy
How ZeroSight AI collects, uses, and protects your personal information.
Last updated: March 25, 2026
Interpretation and Definitions
Interpretation
This Privacy Policy describes how ZeroSight AI collects, uses, discloses, and protects information when You access or use the Service. It also explains Your privacy rights and how applicable law may protect You.
ZeroSight AI provides an AI chat workspace with server-side privacy scanning, PII detection, configurable privacy modes, Smart Mask, audit logs, and workspace controls. By accessing or using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.
The words with initial capital letters have the meanings defined below. The definitions apply whether the words appear in singular or plural.
Definitions
For the purposes of this Privacy Policy:
- Account means a unique account created for You to access the Service or parts of the Service.
- Affiliate means an entity that controls, is controlled by, or is under common control with a party.
- Company (referred to as "the Company", "We", "Us", or "Our") refers to ZeroSight AI.
- Cookies means small files placed on Your Device by a website, which may contain browsing or session information.
- Device means any device that can access the Service, such as a computer, mobile phone, tablet, or browser-enabled device.
- Personal Data means any information that relates to an identified or identifiable individual.
- Privacy Scanner means the automated detection, masking, warning, blocking, highlighting, and related privacy enforcement features made available through the Service.
- Service means the ZeroSight AI website, application, AI chat workspace, privacy scanner, and related services.
- Service Provider means any natural or legal person who processes data on behalf of the Company, including infrastructure, authentication, email, analytics, payment, support, and AI service providers.
- Third-party AI Provider means any third-party model provider, AI gateway, or related service used to generate AI responses through the Service.
- Third-party Social Media Service means a third-party identity provider or social login service through which You may create an Account or sign in, such as Google or Microsoft.
- Usage Data means data collected automatically from use of the Service or from the Service infrastructure.
- Website means the public ZeroSight AI website.
- Workspace means an organization, team, or personal workspace inside the Service.
- You means the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual accesses or uses the Service.
Collecting and Using Your Personal Data
Types of Data Collected
Account Information
While using the Service, We may ask You to provide certain information that can be used to contact or identify You. This may include:
- Name
- Email address
- Password or authentication credentials, stored in protected form and never as plaintext passwords
- Organization or Workspace affiliation
- Role, membership, invite, and billing status within a Workspace
- Communication details You provide when contacting Us or requesting support
Usage Data
Usage Data is collected automatically when using the Service. Usage Data may include:
- IP address
- Browser type and version
- Device type, operating system, and diagnostic information
- Pages or routes visited inside the Service
- Time and date of visits
- Session and feature usage patterns
- Chat, model, privacy mode, and Workspace activity metadata
- Error, security, and performance logs
When You access the Service through a mobile device or browser, We may collect certain information automatically, including the type of device, operating system, browser, unique device identifiers, and other diagnostic data.
Chat Content and Privacy Scanner Data
The Service is designed to process AI chat messages and apply privacy enforcement before eligible content is sent to Third-party AI Providers. Depending on Your selected privacy mode, Workspace policy, and product configuration, We may process:
- Messages, prompts, and responses sent through the Service
- PII detection results, including entity type, confidence score, character position, risk score, and detection source
- Privacy enforcement actions, including block, warn, highlight, Smart Mask, or related actions
- Audit logs recording privacy events, policy decisions, model usage, token usage, and Workspace activity
- Replacement maps used for Smart Mask. Where replacement maps must be persisted for product reliability, resumable streaming, or continuity, they are encrypted before storage and are subject to time-limited retention controls.
Client-side scanning may be used to provide immediate visual feedback, but server-side enforcement is the primary privacy control.
Information from Third-Party Social Media Services
The Service may allow You to create an Account or sign in through Third-party Social Media Services or identity providers, including Google and Microsoft.
If You choose to sign in through such services, We may collect Personal Data already associated with Your third-party account, such as Your name, email address, profile image, and account identifier. We use this information to create or manage Your Account, authenticate You, and provide the Service.
Tracking Technologies and Cookies
We use Cookies and similar technologies to provide, secure, improve, and analyze the Service. These technologies may include Cookies, local storage, web beacons, tags, scripts, and similar tools.
Cookies may be Session Cookies or Persistent Cookies. Session Cookies are deleted when You close Your browser. Persistent Cookies remain on Your Device until deleted or expired.
We may use:
- Necessary Cookies: Required to authenticate users, maintain sessions, prevent fraud, and provide requested features.
- Functionality Cookies: Used to remember choices such as login state, theme preference, Workspace selection, or similar settings.
- Security Cookies: Used to protect Accounts, detect abuse, and support secure access.
- Analytics Cookies: Used to understand Service usage, improve performance, and identify issues.
You can instruct Your browser to refuse Cookies or indicate when a Cookie is being sent. If You refuse Cookies, some parts of the Service may not function properly.
Use of Your Personal Data
The Company may use Personal Data for the following purposes:
- To provide, maintain, and improve the Service.
- To create and manage Your Account.
- To authenticate You and protect Account security.
- To operate AI chat, model selection, privacy modes, Smart Mask, audit logs, and Workspace controls.
- To enforce Workspace policies and privacy settings selected by You or Your administrators.
- To process billing, subscriptions, invoices, usage limits, and payment-related communications.
- To contact You with service updates, security notices, support messages, billing notices, and important operational communications.
- To respond to Your requests, support inquiries, and enterprise contact submissions.
- To monitor, prevent, and investigate abuse, security incidents, fraud, or violations of Our Terms.
- To analyze usage trends and improve product reliability, performance, detection quality, and user experience.
- To comply with legal obligations, resolve disputes, and enforce Our agreements.
- To evaluate or conduct a merger, financing, acquisition, restructuring, sale, or transfer involving all or part of Our business.
Privacy Scanner and Sensitive Information
ZeroSight AI is designed to reduce privacy risk, but no automated privacy or PII detection system is perfect. The Privacy Scanner, Smart Mask, warning, blocking, highlighting, output scanning, and related features may make mistakes. They may miss sensitive information, incorrectly classify non-sensitive text, or fail to mask, block, warn about, or remove all sensitive data in every situation.
By submitting messages, prompts, files, or other content to the Service, You acknowledge that automated detection may be incomplete or inaccurate. You represent that You have the rights, authority, permissions, consents, or other lawful basis required to provide that content to the Service. You remain responsible for reviewing content before submission, selecting appropriate privacy modes, following Your organization's policies, and deciding whether sensitive, confidential, regulated, or personal information should be submitted.
You should not submit highly sensitive, regulated, confidential, or personal information unless You are authorized to do so and accept the risk that automated privacy controls may be imperfect.
Smart Mask and Server-Side Enforcement
When Smart Mask is active, the Service attempts to replace detected sensitive values with placeholders before eligible content is sent to Third-party AI Providers. The AI model receives the masked version, and the Service may restore original values in the rendered response where technically possible.
All privacy enforcement is intended to occur server-side. Client-side scanning is used for feedback and user experience, but it is not the security boundary. Workspace policy, selected privacy mode, model settings, and server-side processing determine how content is handled.
Sharing Your Personal Data
We may share Your Personal Data in the following situations:
- With Service Providers: We may share information with providers that support hosting, infrastructure, authentication, email delivery, analytics, payments, customer support, security, and AI functionality.
- With Third-party AI Providers: When Your selected privacy mode and Workspace policy allow content to be sent to an AI model, We may transmit the processed prompt or message to a Third-party AI Provider. Depending on the mode, this may be raw, highlighted, warned, redacted, blocked, or masked content.
- With Workspace Administrators: If You use the Service through a Workspace, authorized administrators may access Workspace settings, member information, usage data, billing details, audit logs, and privacy event metadata.
- For Business Transfers: We may share or transfer information in connection with any merger, financing, acquisition, sale of assets, restructuring, or similar business transaction.
- With Affiliates: We may share information with Affiliates that are required to honor this Privacy Policy.
- For Legal Reasons: We may disclose information where required by law or in response to valid legal requests.
- With Your Consent: We may disclose information for any other purpose with Your consent.
We do not sell Personal Data in the ordinary operation of the Service.
Third-Party AI Providers
The Service integrates with Third-party AI Providers and gateways to generate AI responses. Privacy modes are designed to reduce what those providers receive:
- Block mode: The blocked message is not sent to the AI provider.
- Smart Mask mode: Detected sensitive values are replaced with placeholders before the AI provider receives the prompt.
- Warn mode: You may be shown detected risk before deciding whether to proceed.
- Highlight mode: Sensitive values may be highlighted for Your awareness, but the original content may still be sent if You proceed.
We do not control the privacy or security practices of Third-party AI Providers. Their services may be governed by their own terms and privacy policies.
Workspace Administrators
If You access the Service through a Workspace, Your Workspace owner or administrator may:
- Invite, remove, or manage members.
- Configure Workspace model settings and privacy policies.
- Review billing, usage, and member activity.
- Access audit logs and privacy event metadata.
- View aggregated analytics for chats, scans, model usage, and policy decisions.
Your use of the Service may also be subject to Your organization's internal policies.
Retention of Your Personal Data
The Company retains Personal Data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Chat messages, Workspace records, billing records, audit logs, and privacy event metadata may be retained according to product settings, compliance needs, legal obligations, and Workspace policies. Deleted records may be retained for a limited period before permanent deletion to support recovery, security, billing, abuse prevention, or legal compliance.
Usage Data may be retained for internal analysis, security, and service improvement. Replacement maps used for Smart Mask are encrypted where persisted and are intended to be retained only for as long as necessary to provide the relevant product behavior.
Transfer of Your Personal Data
Your information, including Personal Data, may be processed at Company operating locations and in other places where Service Providers, infrastructure providers, or Third-party AI Providers are located. This means information may be transferred to and maintained on systems located outside Your state, province, country, or other governmental jurisdiction.
By using the Service and submitting information, You consent to such transfers. We take reasonable steps designed to ensure that Your data is treated securely and in accordance with this Privacy Policy.
Delete Your Personal Data
You may have the right to delete or request that We assist in deleting Personal Data that We have collected about You. The Service may provide Account, Workspace, chat, and deletion controls that allow You to manage or delete certain information.
You may also contact Us to request access to, correction of, or deletion of Personal Data You have provided. We may need to retain certain information where We have a legal obligation, contractual obligation, legitimate business need, security need, billing need, or other lawful basis to do so.
Disclosure of Your Personal Data
Business Transactions
If the Company is involved in a merger, acquisition, financing, restructuring, or asset sale, Your Personal Data may be transferred. We will provide notice where required by law before Your Personal Data becomes subject to a materially different privacy policy.
Law Enforcement
Under certain circumstances, the Company may be required to disclose Your Personal Data by law or in response to valid requests by public authorities.
Other Legal Requirements
The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
- Comply with a legal obligation.
- Protect and defend the rights or property of the Company.
- Prevent or investigate possible wrongdoing in connection with the Service.
- Protect the personal safety of users of the Service or the public.
- Protect against legal liability.
- Enforce Our agreements and policies.
Security of Your Personal Data
The security of Your Personal Data is important to Us. We use commercially reasonable safeguards designed to protect information, including encryption in transit, protected authentication flows, access controls, and encryption for certain sensitive product data such as persisted Smart Mask replacement maps.
However, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.
Children's Privacy
The Service is not intended for anyone under the age of 18. We do not knowingly collect Personal Data from anyone under 18. If You are a parent or guardian and believe a child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from a child without appropriate consent, We will take reasonable steps to remove that information.
Links to Other Websites
The Service may contain links to third-party websites or services that are not operated by Us. If You click a third-party link, You will be directed to that third party's site. We strongly advise You to review the privacy policy of every site You visit.
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify You of changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Where required or appropriate, We may also provide notice through email or a prominent notice in the Service.
Changes to this Privacy Policy are effective when posted on this page.
Contact Us
If You have questions about this Privacy Policy or Our data practices, You can contact Us at:
- Email: info@zerosight.ai
