ZeroPrompt (“we”, “us”, “our”) is operated by KNM LABS PTY LTD (Sydney, NSW, Australia). This Privacy Policy explains how we collect, use, disclose, and protect information when you use the Service.
1. Summary (Key Points)
- We store User Content (Prompts) you choose to save.
- We automatically scan all Prompts (including Private Prompts) for safety and service integrity.
- Human access to Prompts is limited and purpose-bound (flagged content, support requests, safety/legal review).
- We do not sell personal information and we do not run third-party ads.
2. Who We Are (Controller)
KNM LABS PTY LTD is the entity responsible for processing personal information described in this Policy.
If you are located in the EEA/UK and we are required to appoint an EU/UK representative, we will publish the representative’s contact details in this Policy.
3. Information We Collect
3.1 Information you provide
- Account information: email address and authentication identifiers (via Clerk).
- User Content: Prompts; visibility settings (private/public/link-shared); and metadata you add (titles, tags, collections).
- Support communications: information you provide when contacting support.
3.2 Information collected automatically
- Usage and device data: IP address, device/browser type, pages/screens viewed, timestamps, interactions, and diagnostic logs.
- Cookies / similar technologies: for essential functions and analytics (see Section 9).
3.3 Payments
Payments are processed by Stripe. We receive limited billing information such as subscription status, payment confirmations, and billing-related metadata. We do not store full card numbers.
4. How We Use Information
We use information to:
- provide and operate the Service (store, organise, and display your Prompts),
- authenticate users and maintain accounts,
- process subscriptions and manage billing status,
- maintain security, prevent abuse, and enforce our Terms,
- provide support and respond to requests,
- monitor performance, debug issues, and improve features and usability,
- comply with legal obligations.
5. Automated Scanning of Prompts (Including Private Prompts)
To protect users and the Service, we automatically scan Prompts (including Private Prompts) using classifiers, keyword detection, and similar techniques to detect:
- CSAM and other illegal content,
- malware/exploit content and abuse patterns,
- content that violates our Terms.
This processing may create safety signals (e.g., flags, risk scores, or categories). Automated scanning does not mean we publish or market your Private Prompts.
6. Human Access to Prompts (Limited and Purpose-Bound)
We do not routinely read Private Prompts. Human review may occur only when:
- automated systems flag content for potential policy or legal issues,
- you request support and review is necessary to resolve the issue, or
- safety, abuse, or legal review is required.
Access is restricted to authorised personnel and limited to the minimum necessary for the purpose.
7. Legal Bases (EEA/UK Users)
If the GDPR/UK GDPR applies, we rely on these legal bases:
- Contract: to provide the Service you request (account, storage, sync, display).
- Legitimate interests: to secure the Service, prevent abuse, and improve reliability (including automated scanning and related security analytics), balanced against your rights.
- Consent: where required for non-essential cookies/analytics.
- Legal obligation: where applicable (e.g., lawful requests, preservation/reporting).
8. When We Share Information
We may share information:
- With service providers that help operate the Service (authentication, payments, analytics, hosting, security) under contractual protections.
- For legal reasons (lawful requests, enforcing Terms, protecting rights/safety, CSAM/illegal content reporting where required or appropriate).
- Business transfers (merger, acquisition, financing, or sale of assets), with appropriate safeguards.
We do not sell personal information.
9. Cookies and Analytics (GA4)
We use cookies and similar technologies for:
- Essential functions (login, security, session management).
- Analytics to understand usage and improve the Service (Google Analytics 4).
Where required by law (including in the EU/UK), we will obtain consent before setting non-essential analytics cookies, and we will provide a way to refuse or withdraw consent.
10. International Data Transfers
We are based in Australia, and our providers may process data in other countries. Where required, we use safeguards designed for cross-border transfers (for example, contractual protections).
11. Data Retention
We retain information only as long as necessary for:
- operating the Service and maintaining your account,
- security and abuse prevention,
- legal compliance and dispute resolution.
If you delete Prompts or close your account, we will delete or de-identify information within a reasonable period, except where we must retain it for legal, security, or legitimate operational purposes (including limited backup retention).
12. Your Rights
Depending on your jurisdiction, you may have rights to:
- access and correct your personal information,
- request deletion,
- object to or restrict certain processing,
- withdraw consent where processing is based on consent.
To exercise rights, contact [email protected]. You may also have the right to lodge a complaint with your local regulator.
13. Children
The Service is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided personal information, contact us so we can take appropriate action.
14. Security
We take reasonable steps designed to protect information from unauthorised access, misuse, loss, or disclosure. No system is completely secure.
15. Changes to this Policy
We may update this Privacy Policy from time to time. We will post the updated version with a new “Last updated” date, and may provide additional notice for material changes.
