Privacy Policy

Account information: identifiers and profile fields provided through Clerk, such as your user id, email address, display name, and authentication state.

Desktop authorization information: OAuth consent status, desktop access tokens issued by our control plane, token expiration timestamps, and device authorization state needed to keep the desktop app tied to your account.

Billing and entitlement information: subscription plan, payment status, quota or access state, checkout and portal events, and billing provider identifiers. We do not store full payment card numbers.

Model provider access information: OpenRouter or model-provider key identifiers, encrypted API key material prepared for desktop delivery, key status, spending limits, reset timestamps, and related quota metadata used to authorize provider access and enforce account entitlements.

Operational information: service logs, security events, request metadata, diagnostics, and error reports needed to run, secure, and debug the service.

Local desktop data: workflow definitions, runtime state, logs, and configuration may be stored on your device by the desktop app. Local files remain on your device unless a feature you use sends data elsewhere.

Google sign-in data: if you choose Google sign-in through Clerk, we may receive the account identifiers and profile fields needed to authenticate you. We do not request Google Drive, Gmail, Calendar, or other Google content scopes unless a future feature clearly asks for them.

In the current production setup, when you configure or use OpenRouter or another model provider from the desktop app, model requests are sent directly from the client to that provider. The Zeroth does not receive those prompts, model inputs, model outputs, or provider responses through an intermediate The Zeroth service.

The Zeroth control plane may process provider-access metadata and encrypted API key material so the desktop app can receive the provider configuration tied to your account. This does not mean The Zeroth receives the prompts or responses sent directly between your desktop app and the selected provider.

If The Zeroth later introduces a hosted model relay, server-side prompt processing, or cloud workflow execution, we will update this Privacy Policy before using that architecture for customer prompt data.

OpenRouter and the selected model providers may process your requests under their own terms and privacy policies. You are responsible for understanding the data handling rules of the providers you connect.

Do not send sensitive, regulated, or confidential information to a model provider unless you have confirmed that provider is appropriate for that use.

We use information to authenticate users, authorize desktop access, manage subscriptions, provide billing and account pages, prevent abuse, diagnose failures, secure the service, and communicate service-related updates.

We do not sell personal information. We do not use your model prompts or model responses for training in the current production setup because those requests do not pass through The Zeroth.

We rely on third-party services to operate the product, including Clerk for authentication and account management, Google OAuth when you choose Google sign-in, payment providers for checkout and subscription management, Vercel for web hosting, Google Cloud for backend services, Cloudflare or object storage for release delivery, and observability tools for diagnostics.

These providers process information only as needed for their role in the service, subject to their own contractual and legal obligations.

Authentication cookies and local storage may be used by Clerk and the console to keep you signed in and protect sessions.

The desktop app may store local settings and authorization state on your device so it can start securely and keep your account connection intact.

We retain account, authorization, billing, and operational records for as long as needed to provide the service, comply with legal or tax obligations, resolve disputes, enforce agreements, and maintain security.

Account records are kept while your account is active and for a reasonable period after closure so we can process deletion, handle support, prevent abuse, and keep required business records.

Desktop authorization records, access tokens, token expiration timestamps, OAuth exchange records, and device authorization state are retained for the life of the active authorization and then for a limited period needed for security review, debugging, and abuse prevention.

OpenRouter or model-provider key identifiers, encrypted key material, key status, spending limits, reset timestamps, and quota metadata are retained while needed to provide desktop provider access, enforce entitlements, investigate account or billing issues, and then deleted or deactivated when no longer needed for those purposes.

Billing and transaction records may be retained after an account is closed where needed for tax, accounting, fraud prevention, chargeback, refund, and dispute-handling obligations.

Security logs, diagnostic records, rate-limit records, and service logs are retained only for a limited period that is reasonably needed for security, debugging, abuse prevention, incident investigation, and service reliability.

Local desktop data remains on your device until you delete it or uninstall the app, subject to your operating system and backup settings.

Depending on your location, you may have rights to access, correct, delete, export, or object to certain processing of your personal information.

You can manage authentication details through your account, cancel subscriptions through the billing flow, and contact us to request account deletion or privacy assistance.

If you are in California, the European Economic Area, the United Kingdom, or another jurisdiction with privacy rights, you may contact us to exercise rights available under applicable law. We will verify and respond to requests as required by applicable law.

We do not currently sell personal information or share personal information for cross-context behavioral advertising.

We use reasonable technical and organizational safeguards for account, authorization, billing, and operational information, including provider-managed authentication, encrypted transport, and access controls for production systems.

No internet service can be guaranteed to be perfectly secure. You are responsible for keeping your device, account credentials, OAuth grants, and provider keys secure.

The Zeroth may be accessed globally. Information may be processed in countries other than where you live, including the United States or other locations where our providers operate.

The Zeroth is not intended for children under 13. If you are under the age of majority in your location, you may use The Zeroth only with involvement and consent from a parent or legal guardian.

We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, contact us so we can take appropriate action.

For privacy requests or questions, contact us at privacy@the-zeroth.com.