
Privacy Policy

How ZeroSight AI collects, uses, and protects your personal information.

Last updated: March 25, 2026

Introduction

ZeroSight AI ("we", "our", or "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI chat platform with privacy enforcement capabilities.

By accessing or using ZeroSight AI, you agree to the terms of this Privacy Policy.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Name
  • Organization affiliation (if applicable)
  • Authentication credentials (securely hashed, never stored in plaintext)

Usage Data

We automatically collect certain information when you use our service:

  • Messages sent through the platform (subject to your organization's PII enforcement policy)
  • PII detection events and enforcement actions taken
  • Session duration and feature usage patterns
  • Device type, browser version, and operating system

PII Detection Data

Our core functionality involves detecting and handling personally identifiable information:

  • PII detection results (entity types, confidence scores, character positions)
  • Enforcement actions applied (block, strip, mask, warn, highlight)
  • Audit logs recording detection events for compliance purposes
  • Replacement maps used during Smart Mask sessions are ephemeral and not persisted beyond the active request unless resumable streaming is enabled, in which case they are encrypted (AES-256-GCM) with a time-limited TTL

How We Use Your Information

We use collected information to:

  • Provide and maintain the ZeroSight AI service
  • Enforce your organization's privacy policies on AI interactions
  • Generate compliance reports and audit trails for authorized administrators
  • Improve PII detection accuracy and reduce false positives
  • Communicate service updates, security notices, and support responses
  • Monitor and prevent abuse of the platform

Data Protection

Smart Mask Technology

When Smart Mask mode is active, your sensitive data is replaced with placeholders before being sent to any third-party AI provider. The AI model never receives your actual personal information. Original values are held in server memory only for the duration of the request and are not logged or persisted.

Server-Side Enforcement

All PII enforcement occurs server-side. Client-side scanning provides visual feedback only and is not a security boundary. The server is the sole enforcer of your organization's privacy policies.

Encryption

  • All data in transit is encrypted via TLS 1.3
  • Replacement maps for resumable streams are encrypted with AES-256-GCM
  • Database connections use encrypted channels

Data Retention

  • Chat messages are retained according to your organization's configured retention policy
  • PII audit logs are retained for compliance purposes as configured by your organization administrator
  • Ephemeral data (replacement maps, stream state) is automatically purged after request completion or TTL expiration

Third-Party AI Providers

ZeroSight AI acts as an intermediary between you and third-party AI providers (such as OpenAI). When PII enforcement is active:

  • Block mode: Your message never reaches the AI provider
  • Strip mode: PII is removed before the message is sent
  • Smart Mask mode: PII is replaced with placeholders; the AI provider only sees anonymized content
  • Warn and Highlight modes: You are informed of detected PII before choosing to proceed

We do not control the privacy practices of third-party AI providers. We recommend reviewing their respective privacy policies.

Organization Administrators

If you use ZeroSight AI through an organization account, your organization administrator may:

  • Set and enforce minimum PII protection policies
  • Access aggregated PII detection analytics and compliance reports
  • Configure model-specific restrictions and custom detection patterns
  • View audit logs of PII events within the organization

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your personal information
  • Object to or restrict certain processing activities
  • Export your data in a portable format

To exercise any of these rights, contact us at privacy@zerosight.ai.

Children's Privacy

ZeroSight AI is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: