Privacy Policy

1. Information We Collect

1.1 Information You Provide to Us

We collect information you provide directly to us when you use our Services. The types of personal information we may collect include:

• Account Information: When you create an account, we collect your name, email address, password, company name, job title, phone number, and billing information.
• Profile Information: Information you add to your account profile, such as a photo, biographical information, and professional credentials.
• Communications: When you contact us for support, provide feedback, participate in surveys, or otherwise communicate with us, we collect the content of those communications along with your name and contact details.
• Transaction Information: When you make a purchase or subscription, we collect payment card information, billing address, and transaction history. Payment card information is processed by our third-party payment processor and is not stored on our servers.
• Form Submissions: When you fill out forms on our website, including demo requests, newsletter signups, whitepaper downloads, and event registrations, we collect the information you provide in those forms.
• Job Applications: If you apply for a position, we collect your resume, cover letter, employment history, education, and related information.

1.2 Information We Collect Automatically

When you access or use our Services, we automatically collect certain information, including:

• Device Information: Hardware model, operating system and version, unique device identifiers, mobile network information, and device settings.
• Log Information: Access times, pages viewed, IP address, the page you visited before navigating to our Services, browser type and version, and referring URL.
• Usage Information: Information about your use of the Services, including features accessed, actions taken, time spent on pages, and interaction patterns.
• Location Information: General location information inferred from your IP address. We do not collect precise geolocation information without your consent.
• Cookies and Similar Technologies: We use cookies, web beacons, pixels, and similar technologies to collect information about your browsing activities. See Section 7 for more details.

1.3 Information We Collect from Third Parties

We may receive personal information about you from third parties, including:

• Identity Providers: If you choose to log in through a third-party identity provider (e.g., Google, Microsoft, Okta), we receive information from that provider as authorized by you.
• Business Partners: Our resellers, distributors, and managed service provider partners may share contact information and related details when referring you to us.
• Public Sources: We may collect information from publicly available sources, including professional networking sites, company websites, and public databases.
• Data Enrichment Services: We may supplement the information we collect with additional business contact information from third-party data providers.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and Maintain Services: To operate, maintain, improve, and provide the features and functionality of our Zero Trust security platform, including processing transactions and sending related information such as purchase confirmations and invoices.
• Customer Support: To respond to your comments, questions, and requests and provide customer service and technical support.
• Communications: To send you technical notices, updates, security alerts, support and administrative messages, and information about products, services, and events offered by Zerac and others.
• Personalization: To personalize and improve your experience with our Services, including by providing customized content, recommendations, and features.
• Analytics and Research: To monitor and analyze trends, usage, and activities in connection with our Services and to conduct research and development.
• Security and Fraud Prevention: To detect, investigate, and prevent security incidents, fraudulent transactions, and other illegal activities and to protect the rights and property of Zerac and others.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.
• Marketing: To send you marketing communications about products, services, events, and promotions, subject to your marketing preferences and applicable law. You may opt out at any time.
• Aggregation and De-identification: To create aggregated, de-identified, or anonymized data that we may use and disclose without restriction where permitted by applicable law.

3. How We Share Your Information

We do not sell your personal information. We may share your personal information in the following circumstances:

• Service Providers: We share information with third-party vendors, consultants, and other service providers who perform services on our behalf, such as cloud hosting (AWS, Azure), payment processing (Stripe), analytics (Google Analytics, Mixpanel), customer support (HubSpot), and email delivery (SendGrid). These providers are contractually obligated to protect your information.
• Business Partners: With your consent or at your direction, we may share information with resellers, distributors, and technology partners in connection with the delivery of our Services.
• Compliance and Safety: We may disclose information if we believe in good faith that disclosure is necessary to comply with applicable law, regulation, legal process, or governmental request; to enforce our agreements and policies; to protect the security or integrity of our Services; or to protect Zerac, our users, or the public from harm or illegal activities.
• Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition, dissolution, or similar transaction, your personal information may be shared or transferred. We will notify you of any such change in ownership or control.
• With Your Consent: We may share your personal information for any other purpose with your consent or at your direction.

4. Data Security

We implement and maintain reasonable administrative, technical, and physical security measures designed to protect personal information from unauthorized access, use, alteration, and destruction. As a Zero Trust security company, we apply the same rigorous security principles we advocate to our own infrastructure, including:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Multi-factor authentication for all internal systems
• Role-based access controls with least-privilege enforcement
• Regular penetration testing and security audits by independent third parties
• SOC 2 Type II compliance
• Continuous monitoring and automated threat detection
• Employee security awareness training
• Incident response planning and regular testing

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your personal information, whether we can achieve those purposes through other means, and applicable legal requirements.

When personal information is no longer needed, we securely delete or anonymize it. For active customer accounts, we retain account information for the duration of the subscription plus 90 days. Backup data is retained for up to 12 months. Marketing contact information is retained until you opt out or request deletion. Job application data is retained for 24 months from the date of application unless you request earlier deletion.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information. These may include:

• Access: The right to request a copy of the personal information we hold about you.
• Correction: The right to request that we correct inaccurate or incomplete personal information.
• Deletion: The right to request that we delete your personal information, subject to certain exceptions.
• Portability: The right to receive your personal information in a structured, commonly used, and machine-readable format.
• Restriction: The right to request that we restrict the processing of your personal information in certain circumstances.
• Objection: The right to object to the processing of your personal information for certain purposes, including direct marketing.
• Withdraw Consent: Where we rely on your consent to process personal information, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us at privacy@zerac.com. We will respond to your request within 30 days (or sooner if required by applicable law). We may request additional information to verify your identity before fulfilling your request.

Marketing Opt-Out: You may opt out of receiving marketing communications from us by clicking the “unsubscribe” link in our emails, updating your communication preferences in your account settings, or contacting us at privacy@zerac.com. Even if you opt out of marketing communications, we will continue to send you transactional and service-related messages.

7. Cookies and Tracking Technologies

We and our third-party partners use cookies and similar tracking technologies to collect information about your interactions with our Services. The types of cookies we use include:

• Strictly Necessary Cookies: Required for the operation of our Services, including session management and security features. These cannot be disabled.
• Performance and Analytics Cookies: Help us understand how visitors interact with our Services by collecting and reporting information anonymously. We use Google Analytics and similar tools.
• Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and settings.
• Marketing Cookies: Used to deliver relevant advertisements and track the effectiveness of our advertising campaigns. These may be set by third-party advertising partners.

You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse or accept cookies, delete existing cookies, and set preferences for certain websites. Please note that disabling cookies may affect the functionality of our Services.

Do Not Track: Some browsers offer a “Do Not Track” (DNT) setting. There is currently no universally accepted standard for how companies should respond to DNT signals. We do not currently respond to DNT browser signals.

8. International Data Transfers

Zerac is headquartered in the United States. If you are accessing our Services from outside the United States, please be aware that your personal information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that are different from the laws of your country.

Where required by applicable law, we implement appropriate safeguards for international data transfers, including Standard Contractual Clauses approved by the European Commission, and we ensure that recipients of personal data provide an adequate level of protection.

9. Children's Privacy

Our Services are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will promptly take steps to delete that information. If you believe we may have collected information from a child under 16, please contact us at privacy@zerac.com.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These include the right to know what personal information we collect, use, disclose, and sell; the right to delete personal information; the right to opt out of the sale or sharing of personal information; the right to correct inaccurate personal information; the right to limit the use and disclosure of sensitive personal information; and the right to non-discrimination for exercising your privacy rights.

We do not sell personal information and have not done so in the preceding twelve months. To exercise your California privacy rights, please contact us at privacy@zerac.com or call +1 833 937 2249.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation (GDPR) and related laws. The legal bases for our processing of personal information include: performance of a contract with you, our legitimate business interests, compliance with legal obligations, and your consent. You have the rights described in Section 6 above, and you also have the right to lodge a complaint with your local data protection authority.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. We will notify you of any material changes by posting the updated Privacy Policy on this page and updating the “Last updated” date at the top. If the changes are significant, we may also provide additional notice, such as an email notification or a prominent notice on our website. Your continued use of the Services after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

For data protection inquiries from the EU/EEA, you may also contact our Data Protection Officer at dpo@zerac.com.