Privacy Policy
How ZeroSight AI collects, uses, and protects your personal information.
Last updated: March 25, 2026
Introduction
ZeroSight AI ("we", "our", or "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI chat platform with privacy enforcement capabilities.
By accessing or using ZeroSight AI, you agree to the terms of this Privacy Policy.
Information We Collect
Account Information
When you create an account, we collect:
- Email address
- Name
- Organization affiliation (if applicable)
- Authentication credentials (securely hashed, never stored in plaintext)
Usage Data
We automatically collect certain information when you use our service:
- Messages sent through the platform (subject to your organization's PII enforcement policy)
- PII detection events and enforcement actions taken
- Session duration and feature usage patterns
- Device type, browser version, and operating system
PII Detection Data
Our core functionality involves detecting and handling personally identifiable information:
- PII detection results (entity types, confidence scores, character positions)
- Enforcement actions applied (block, strip, mask, warn, highlight)
- Audit logs recording detection events for compliance purposes
- Replacement maps used during Smart Mask sessions are ephemeral and not persisted beyond the active request unless resumable streaming is enabled, in which case they are encrypted (AES-256-GCM) and retained only for a limited time (TTL)
How We Use Your Information
We use collected information to:
- Provide and maintain the ZeroSight AI service
- Enforce your organization's privacy policies on AI interactions
- Generate compliance reports and audit trails for authorized administrators
- Improve PII detection accuracy and reduce false positives
- Communicate service updates, security notices, and support responses
- Monitor and prevent abuse of the platform
Data Protection
Smart Mask Technology
When Smart Mask mode is active, your sensitive data is replaced with placeholders before being sent to any third-party AI provider. The AI model never receives your actual personal information. Original values are held in server memory only for the duration of the request and are not logged or persisted.
Server-Side Enforcement
All PII enforcement occurs server-side. Client-side scanning provides visual feedback only and is not a security boundary. The server is the sole enforcer of your organization's privacy policies.
Encryption
- All data in transit is encrypted via TLS 1.3
- Replacement maps for resumable streams are encrypted with AES-256-GCM
- Database connections use encrypted channels
Data Retention
- Chat messages are retained according to your organization's configured retention policy
- PII audit logs are retained for compliance purposes as configured by your organization administrator
- Ephemeral data (replacement maps, stream state) is automatically purged after request completion or TTL expiration
Third-Party AI Providers
ZeroSight AI acts as an intermediary between you and third-party AI providers (such as OpenAI). When PII enforcement is active:
- Block mode: Your message never reaches the AI provider
- Strip mode: PII is removed before the message is sent
- Smart Mask mode: PII is replaced with placeholders; the AI provider only sees anonymized content
- Warn and Highlight modes: You are informed of detected PII before choosing to proceed
We do not control the privacy practices of third-party AI providers. We recommend reviewing their respective privacy policies.
Organization Administrators
If you use ZeroSight AI through an organization account, your organization administrator may:
- Set and enforce minimum PII protection policies
- Access aggregated PII detection analytics and compliance reports
- Configure model-specific restrictions and custom detection patterns
- View audit logs of PII events within the organization
Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your personal information
- Object to or restrict certain processing activities
- Export your data in a portable format
To exercise any of these rights, contact us at privacy@zerosight.ai.
Children's Privacy
ZeroSight AI is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.
Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
- Email: privacy@zerosight.ai
- Address: 155 N Riverview Dr, Anaheim, CA 92808
