Privacy Policy
This Privacy Policy describes how ZeroDriveX LLC ("ZDX", "we", "us") collects, uses, and protects information when you use any of our products and services, including zerodrivex.com, auth.zerodrivex.com, the zdxai CLI, ZDX Mobile AI (Android), ZDX Text Guard, and all related services (collectively, the "Services").
1. Information We Collect
What we collect depends on which Service you use. The following applies across all Services unless a product-specific section below states otherwise.
- Account data: Email address and bcrypt-hashed password when you register.
- Authentication tokens: JWT access tokens (15-minute expiry) and refresh tokens (30-day expiry) stored as HTTP-only cookies (user-token, rt). Token IDs (JTI) are stored in Redis to enable instant revocation.
- Technical / log data: IP addresses, timestamps, user-agent strings, and audit events (login, logout, token refresh, failed attempts). Collected for security and abuse prevention.
- Payment data: Payments are processed by Stripe. ZDX stores your Stripe Customer ID, Subscription ID, and subscription status only. We do not store full card numbers or CVV data.
- Contact form data: Name, email address, and message content when you contact us.
- Cookies: Authentication cookies only (see Section 6). No advertising or tracking cookies are used on any ZDX property.
2. Product-Specific Data Practices
2a. zdxai CLI
- Routing metadata (model selected, token counts, cost estimate) may be logged for billing accuracy and service diagnostics.
- Prompt content is forwarded directly to the AI provider you select (Anthropic, OpenAI, Google, or xAI). ZDX does not store, read, or log your prompt content.
- License key and activation status are stored to verify your subscription via auth.zerodrivex.com.
- Each AI provider's own privacy policy governs how they handle your prompts. Links are provided in Section 5.
2b. ZDX Mobile AI (Android)
ZDX Mobile AI is a local-first, on-device AI assistant powered by Ollama. AI inference runs entirely on your device. ZDX does not receive, log, or store the content of your prompts, messages, contacts, calls, or any other personal data processed by the AI features.
Android Permissions & Purpose:
- Camera — Captures images for on-device AI analysis only. Images are not uploaded to ZDX servers.
- Microphone — Captures voice input for the local AI assistant. Audio is processed on-device and is never transmitted or stored by ZDX.
- Contacts — Read-only access to enable AI-assisted contact lookup. Contact data is not transmitted to ZDX or any third party.
- SMS (Read & Send) — Enables AI-assisted messaging features. Message content is processed on-device only and not transmitted to ZDX.
- Phone / Call Log — Enables AI-assisted call management. Call log data is not transmitted off-device.
- Calendar (Read & Write) — Enables AI-assisted scheduling. Calendar data is processed locally and not transmitted to ZDX.
- Local storage: AI model files and app preferences are stored on your device. Uninstalling the app removes all locally stored app data.
- Authentication: If you sign in with a ZDX account, your session is managed via auth.zerodrivex.com using JWT tokens as described in Sections 1 and 6.
- No SDKs for ads or analytics: ZDX Mobile AI contains no advertising SDKs, analytics SDKs, or third-party tracking libraries.
2c. ZDX Text Guard
ZDX Text Guard detects and neutralizes prompt injection attacks before they reach your AI pipeline. Available as a web app, Android app, and REST API.
- Text submitted for scanning is analyzed on-device (Android) or server-side (web / API). ZDX does not store, log, or retain the content of text you submit beyond the duration of the scan request.
- Scan metadata (timestamp, threat classification result, API key identifier) may be logged for billing, rate limiting, and service diagnostics.
- API usage: Your API key is used to authenticate requests and track usage against your subscription tier. No prompt content is retained server-side.
- Android app: The Android version performs all analysis on-device. No text content is transmitted to ZDX servers when using offline mode.
2d. ZDX Auth Platform (auth.zerodrivex.com)
The ZDX Auth Platform provides multi-tenant JWT authentication for ZDX products and licensed third-party integrations.
- Data collected: Email, bcrypt-hashed password, Stripe billing identifiers, JWT/JTI records in Redis, and audit logs (login attempts, token events).
- Multi-tenant isolation: Each client integration is scoped by Client ID. Data is logically isolated between tenants.
- Admin access: ZDX administrators may access account records for support, fraud investigation, or legal compliance purposes only.
3. How We Use Your Information
- To provide, secure, and operate the Services.
- To authenticate your identity and maintain sessions.
- To process payments and manage subscriptions via Stripe.
- To send transactional emails (password resets, billing receipts).
- To detect and prevent fraud, abuse, and security threats.
- To enforce rate limits and subscription usage quotas.
- To comply with legal obligations.
We do not sell your personal information to third parties. We do not use your data for advertising. We do not use user content or prompts to train AI models without your explicit consent.
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), our legal bases are:
- Contract: Processing needed to provide the Services you requested (authentication, subscriptions).
- Legitimate interests: Security logging, fraud prevention, and service improvement.
- Legal obligation: Compliance with applicable law.
- Consent: Where we explicitly ask for consent (e.g., marketing emails).
5. Third-Party Data Processors
- Vercel — Hosts zerodrivex.com. Processes request logs, IP addresses, and edge network data under their Privacy Policy.
- Stripe — Processes payments and subscription billing. Subject to Stripe's Privacy Policy.
- Google (Gmail SMTP) — Delivers transactional emails (password resets, billing receipts). Subject to Google's terms.
- Anthropic — Receives prompts when you select Claude via the zdxai CLI. Subject to Anthropic's Privacy Policy.
- OpenAI — Receives prompts when you select GPT-4o via the zdxai CLI. Subject to OpenAI's Privacy Policy.
- Google (Gemini) — Receives prompts when you select Gemini via the zdxai CLI. Subject to Google's AI terms.
- xAI (Grok) — Receives prompts when you select Grok via the zdxai CLI. Subject to xAI's privacy terms.
- Neon / PostgreSQL — Database hosting for account and content data on zerodrivex.com.
- Redis / Upstash — Stores session JTIs for token revocation. Data is transient and TTL-bounded.
ZDX Mobile AI and ZDX Text Guard (Android, offline mode) do not transmit data to any third-party processors during normal on-device operation.
6. Cookies
Cookies are used on zerodrivex.com and auth.zerodrivex.com only. ZDX Mobile AI and the zdxai CLI do not use browser cookies.
- user-token — HTTP-only, Secure. JWT access token. Expires in 15 minutes. Required for authenticated access.
- rt — HTTP-only, Secure. Refresh token. Expires in 30 days. Used to obtain new access tokens without re-login.
We do not use advertising, analytics, or tracking cookies. Disabling cookies will prevent you from using authenticated features on our web properties.
7. Data Retention
- Account data: retained until you delete your account.
- Authentication logs: retained for up to 90 days for security purposes.
- Redis session JTIs: automatically expire with the token TTL.
- Stripe billing records: retained as required by financial regulations (typically 7 years).
- Password reset tokens: expire after 1 hour and are deleted upon use.
- ZDX Text Guard scan metadata: retained for up to 30 days for billing and diagnostics. Scanned text content is not retained.
- ZDX Mobile AI local data: stored on your device until you uninstall the app or clear app data. ZDX holds no server-side copy.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the data we hold about you.
- Correction: Request correction of inaccurate data.
- Erasure (Right to be Forgotten): Request deletion of your account and personal data.
- Portability: Request your data in a portable format.
- Restriction: Request that we limit processing of your data.
- Opt-out of sale (CCPA): We do not sell personal information. No opt-out is needed.
To exercise any of these rights, contact us via our contact page. We will respond within 30 days.
9. Children's Privacy
Our Services are not directed to children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
10. International Transfers
Your data may be processed in the United States and other countries where our processors operate. By using the Services, you consent to such transfers. We rely on Standard Contractual Clauses or equivalent mechanisms for EEA data transfers.
11. Security
ZDX applies security-by-default principles across all products. Measures include bcrypt password hashing, HTTP-only secure cookies, JWT with short expiry and instant Redis-based revocation, TLS in transit, and prompt injection detection via ZDX Text Guard in AI-facing pipelines. If you discover a vulnerability, please contact us via our contact page.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The version number and date at the top of this page will reflect any changes. Material changes will be communicated via email or a prominent notice on the site. Continued use of any Service after changes constitutes acceptance of the updated policy.
13. Contact
Questions, data requests, or complaints about this Privacy Policy: contact us here.