What is an AI security gateway?

An AI security gateway provides a secure chat portal for your team and native integration with developer tools like Claude Code and Cursor. It scans all messages for sensitive data like PII and secrets, blocking or redacting them before they reach external AI services.

How does ZeroShare Gateway prevent data leaks to AI?

ZeroShare Gateway provides a secure AI chat portal and native Claude Code/Cursor integration where every message and code request is scanned for PII (emails, SSNs, credit cards, etc.) and secrets (API keys, credentials) before reaching AI providers.

Does ZeroShare Gateway support compliance requirements like GDPR, SOC 2, and HIPAA?

ZeroShare Gateway is designed with compliance in mind, featuring built-in audit logging, data residency controls, and technical safeguards that support GDPR, SOC 2, and HIPAA requirements. SOC 2 Type I is currently in progress, with Type II planned to follow.

How much does ZeroShare Gateway cost?

ZeroShare Gateway offers a free Starter tier (1,000 requests/day), Professional at $499/month (100,000 requests/day), and Enterprise with custom pricing for unlimited usage.

Does ZeroShare Gateway slow down AI responses?

No. ZeroShare Gateway adds minimal latency, averaging less than 5 milliseconds. The gateway uses streaming pass-through so users see AI responses in real-time.

Privacy Policy

Last updated: February 7, 2026

Version 2.0

ZeroShare, Inc. ("ZeroShare," "Company," "we," "our," or "us"), a corporation organized under the laws of the State of Rhode Island, United States, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your information when you:

Visit our website at deployzeroshare.com ("Website");
Use the ZeroShare Gateway software ("Software");
Use the ZeroShare Desktop Agent or ZeroShare VS Code Extension ("Companion Software");
Create an account, subscribe to a plan, or contact us;
Receive communications from us.

Collectively, the Website, Software, Companion Software, and all related services are referred to as the "Service."

Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not access or use the Service.

1. Our Privacy Commitment

ZeroShare Gateway is built on a fundamental privacy principle: your sensitive data stays on your infrastructure. The Software processes prompts, AI responses, PII detection results, secrets scanning results, and audit logs entirely within your own deployment environment. ZeroShare does not receive, access, host, or store the content of your AI interactions or the sensitive data the Software is designed to protect.

This Privacy Policy primarily addresses the limited information that ZeroShare does collect in connection with operating the Service -- such as account information, billing data, license verification data, and Website analytics.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

(a) Account Registration Information:

Name
Business email address
Company or organization name
Job title (optional)
Password (hashed; we never store plaintext passwords) or magic link authentication preference

(b) Billing and Payment Information:

Billing name and address
Payment method information (credit card number, expiration date, CVC)
Note: Full payment card details are processed and stored by our payment processor, Stripe, Inc. ZeroShare receives only a truncated card identifier (last four digits), card type, and expiration date for display purposes. ZeroShare does not store full credit card numbers on its systems.
For AWS Marketplace customers, billing information is handled by Amazon Web Services, Inc.

(c) Communications:

Support requests and correspondence
Feedback, survey responses, and feature requests
Email communications you send to us

(d) Enterprise Onboarding Information:

Organization details for enterprise agreements
Technical contact information
SSO/OIDC configuration details (issuer URL, client ID -- not client secrets)

2.2 Information Collected Automatically

When you visit our Website, we may automatically collect:

(a) Device and Browser Information:

IP address
Browser type and version
Operating system
Device type (desktop, mobile, tablet)
Screen resolution

(b) Usage Information:

Pages visited and time spent on each page
Referring URL (how you arrived at our Website)
Click patterns and navigation paths
Date and time of visits

(c) Cookies and Similar Technologies:

Session cookies (required for Website functionality)
Analytics cookies (for understanding Website usage)
Preference cookies (for remembering your settings)

See Section 8 for more detail on cookies.

2.3 Information Collected by the Software (License Verification)

The Software performs periodic license verification ("phone-home") approximately once every three (3) days. During license verification, the following data is transmitted to ZeroShare's servers:

License Key identifier (cryptographic hash, not the key itself)
Subscription Tier (Free, Team, Business, or Enterprise)
Active user count (number only, not names or identifiers)
Active instance count
Software version number
Timestamp of the verification request
Basic deployment environment (operating system type, container runtime)

What is NOT transmitted during license verification:

No Customer Data (prompts, AI responses, chat content)
No personally identifiable information of Authorized Users (names, emails, IP addresses)
No audit log contents
No PII or secrets detection results
No configuration details (API keys, SSO settings, model configurations)

2.4 Optional Telemetry

The Software may collect anonymized, aggregated usage telemetry to help ZeroShare improve the product, including:

Feature utilization rates (which features are used, how often)
Error rates and types (for stability improvement)
Performance metrics (response times, throughput)

Optional telemetry can be fully disabled by setting TELEMETRY_ENABLED=false in the Software configuration. License verification (Section 2.3) cannot be disabled for online deployments but is not required for Air-Gap deployments with offline License Keys.

2.5 Email Communications

We send emails via Amazon Web Services Simple Email Service (AWS SES) for the following purposes:

(a) Transactional Emails (cannot be opted out):

Magic link authentication emails
Password reset emails
Account security notifications
Billing receipts and payment failure notices
License expiration warnings
Required legal notices (Terms updates, Privacy Policy changes)

(b) Product Communications (can be opted out):

Product update announcements
Security advisories and patch notifications
Feature release notifications

(c) Marketing Communications (opt-in only):

Newsletter and blog digest
Industry reports and guides
Event invitations

You may unsubscribe from product and marketing communications at any time using the unsubscribe link in any email or by contacting privacy@deployzeroshare.com. You cannot opt out of transactional emails while maintaining an active account, as they are necessary for the operation of the Service.

3. How We Use Your Information

We use the information we collect for the following purposes:

(a) Providing the Service:

Creating and managing your account
Processing subscriptions and payments
Issuing and validating License Keys
Sending transactional communications (magic links, receipts, security notices)
Providing customer support

(b) Maintaining and Improving the Service:

Monitoring Website availability and performance
Analyzing usage patterns to improve features and user experience
Identifying and fixing bugs and technical issues
Developing new features and services

(c) Security and Fraud Prevention:

Detecting and preventing unauthorized access
Identifying fraudulent transactions or license abuse
Enforcing our Terms of Service and EULA
Protecting the rights, property, and safety of ZeroShare and our users

(d) Legal Compliance:

Complying with applicable laws, regulations, and legal processes
Responding to lawful requests from governmental authorities
Establishing, exercising, or defending legal claims

(e) Communications:

Sending product updates and security advisories
Responding to your inquiries and support requests
Sending marketing communications (with your consent)

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we process your personal data on the following legal bases:

Purpose	Legal Basis
Account creation and management	Performance of contract
Payment processing	Performance of contract
License verification	Performance of contract / Legitimate interest
Transactional emails	Performance of contract
Customer support	Performance of contract
Website analytics	Legitimate interest (with consent where required)
Security and fraud prevention	Legitimate interest
Legal compliance	Legal obligation
Marketing communications	Consent
Product improvement (telemetry)	Legitimate interest (opt-out available)

Our legitimate interests include operating and improving our business, preventing fraud, and ensuring the security of our Service. We balance these interests against your rights and freedoms and do not process personal data where our interests are overridden by your rights.

5. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We share your information only in the following limited circumstances:

5.1 Service Providers

We engage trusted third-party service providers who process personal data on our behalf:

Service Provider	Purpose	Data Shared	Location
Stripe, Inc.	Payment processing	Billing information, payment details	United States
Amazon Web Services (AWS)	Cloud infrastructure, email delivery (SES), hosting	Account data, email addresses (for SES), license verification data	United States
Loops.so	Email marketing platform	Email address, name (for opted-in marketing only)	United States

All service providers are contractually obligated to process personal data only as instructed by ZeroShare and to maintain appropriate security measures.

5.2 AWS Marketplace

If you subscribe through AWS Marketplace, certain account and billing information is shared with Amazon Web Services, Inc. as necessary to process your subscription.

5.3 Legal Requirements

We may disclose your information if required to do so by law, court order, subpoena, or other legal process, or if we have a good-faith belief that disclosure is necessary to:

Comply with applicable laws or regulations
Protect the rights, property, or safety of ZeroShare, our users, or the public
Detect, prevent, or address fraud, security, or technical issues

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of the transaction. We will notify you of any such transfer and any choices you may have regarding your information.

5.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

5.6 Aggregated and De-identified Data

We may share aggregated or de-identified data that cannot reasonably be used to identify you. For example, we may share aggregate statistics about the number of ZeroShare deployments or anonymized product usage trends.

6. Data Retention

6.1 Retention Periods

Data Category	Retention Period	Rationale
Account information	Duration of account + 30 days	Service provision
Billing records	7 years after transaction	Tax and legal compliance
License verification logs	90 days	License validation and debugging
Optional telemetry data	12 months (rolling)	Product improvement
Website analytics	26 months	Usage analysis
Support correspondence	3 years after resolution	Service quality and legal
Marketing consent records	Duration of consent + 3 years	Compliance documentation
Email delivery logs (SES)	90 days	Delivery troubleshooting

6.2 Deletion

When the retention period expires or you request deletion, we will delete or anonymize your personal data within thirty (30) days, except where retention is required by law (e.g., tax records) or necessary for the establishment, exercise, or defense of legal claims.

6.3 Customer Data on Your Infrastructure

Customer Data processed by the Software on your infrastructure is entirely under your control. ZeroShare does not have access to it and cannot delete it. You are responsible for managing and deleting Customer Data on your own systems.

7. Data Security

7.1 Technical Measures

We implement appropriate technical measures to protect personal data, including:

Encryption in Transit: All data transmitted between your browser and our Website, and between the Software and our license verification servers, is encrypted using TLS 1.3 or higher.
Encryption at Rest: Personal data stored on our systems is encrypted using AES-256 encryption.
Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis, with role-based access controls and multi-factor authentication.
Infrastructure Security: Our systems are hosted on AWS infrastructure, which maintains SOC 2, ISO 27001, and other certifications.

7.2 Organizational Measures

Regular security training for personnel with access to personal data
Incident response procedures for data breaches
Regular security assessments and vulnerability scanning
Vendor security assessments for third-party service providers

7.3 Breach Notification

In the event of a data breach that affects your personal data, we will:

Notify affected individuals without undue delay (and within seventy-two (72) hours where required by GDPR)
Notify relevant supervisory authorities as required by applicable law
Provide information about the nature of the breach, the data affected, and the measures taken to address it

7.4 No Absolute Guarantee

While we implement robust security measures, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security of your personal data.

8. Cookies and Tracking Technologies

8.1 Types of Cookies

Cookie Type	Purpose	Duration	Can Be Disabled
Strictly Necessary	Website functionality, session management	Session	No (required)
Analytics	Understanding how visitors use the Website	Up to 26 months	Yes
Preference	Remembering your settings and choices	Up to 12 months	Yes

8.2 We Do Not Use

Third-party advertising cookies
Cross-site tracking cookies
Social media tracking pixels (except LinkedIn Insight Tag for our own advertising measurement)

8.3 LinkedIn Insight Tag

We use the LinkedIn Insight Tag on our Website to measure the effectiveness of our LinkedIn advertising campaigns and to understand our Website audience in aggregate. The Insight Tag collects: URL, referrer URL, IP address (truncated), device and browser characteristics, and timestamp. This data is used by LinkedIn to provide aggregated campaign reporting. LinkedIn's use of this data is governed by LinkedIn's Privacy Policy. You can opt out of LinkedIn advertising tracking at https://www.linkedin.com/psettings/guest-controls.

8.4 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when a cookie is being set. Note that disabling strictly necessary cookies may affect Website functionality.

9. Your Rights

9.1 Rights for All Users

Regardless of your location, you have the right to:

Access your personal data that we hold
Correct inaccurate personal data
Delete your account and personal data (subject to legal retention requirements)
Opt out of marketing communications
Disable optional telemetry in the Software

9.2 Exercising Your Rights

To exercise any of these rights, contact us at:

Email: privacy@deployzeroshare.com
Mail: ZeroShare, Inc., PO Box 29023, Providence, RI 02904, United States

We will respond to your request within thirty (30) days. We may need to verify your identity before processing your request.

10. Additional Rights for EEA, UK, and Swiss Residents (GDPR)

10.1 Your Rights Under GDPR

In addition to the rights in Section 9, if you are located in the EEA, UK, or Switzerland, you have the right to:

(a) Data Portability: Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

(b) Restriction of Processing: Request that we restrict processing of your personal data in certain circumstances (e.g., while we verify the accuracy of your data).

(c) Object to Processing: Object to processing of your personal data based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

(d) Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing performed before withdrawal.

(e) Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your member state of habitual residence, place of work, or place of the alleged infringement.

10.2 International Data Transfers

ZeroShare is based in the United States. If you are located outside the United States, your personal data will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on:

Standard Contractual Clauses (SCCs): We use the European Commission's Standard Contractual Clauses as the primary transfer mechanism.
Data Processing Agreement: We offer a Data Processing Agreement (DPA) that incorporates SCCs upon request.
Supplementary Measures: We implement additional technical and organizational measures (encryption, access controls, pseudonymization) to ensure an adequate level of protection.

To request a copy of the SCCs or DPA, contact legal@deployzeroshare.com.

10.3 Data Protection Officer

ZeroShare has not appointed a formal Data Protection Officer (DPO) at this time, as it is not required under Article 37 of the GDPR based on our current processing activities. For data protection inquiries, contact privacy@deployzeroshare.com.

11. Additional Rights for California Residents (CCPA/CPRA)

11.1 Categories of Personal Information

Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA"), the following table summarizes the categories of personal information we collect and our practices:

Category	Examples	Collected	Sold	Shared for Cross-Context Behavioral Advertising
Identifiers	Name, email, IP address	Yes	No	No
Commercial Information	Subscription records, payment history	Yes	No	No
Internet Activity	Browsing history, Website interactions	Yes	No	No
Professional Information	Job title, company name	Yes	No	No
Geolocation Data	Approximate location (from IP)	Yes	No	No

11.2 Your CCPA Rights

(a) Right to Know: You have the right to request that we disclose what personal information we collect, use, and disclose about you.

(b) Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, completing a transaction).

(c) Right to Correct: You have the right to request correction of inaccurate personal information.

(d) Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

(e) Right to Limit Use of Sensitive Personal Information: We do not use or disclose sensitive personal information for purposes beyond what is necessary to provide the Service.

(f) Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

11.3 Exercising CCPA Rights

To exercise your CCPA rights, contact us at:

Email: privacy@deployzeroshare.com
Mail: ZeroShare, Inc., PO Box 29023, Providence, RI 02904, United States

We will verify your identity using information associated with your account. If you do not have an account, we may request additional information to verify your identity. You may designate an authorized agent to make a request on your behalf.

11.4 Do Not Track

Our Website does not currently respond to "Do Not Track" browser signals, as there is no industry-standard protocol for such signals. We do not track users across third-party websites.

11.5 Financial Incentives

We do not offer financial incentives for the collection, sale, or deletion of personal information.

12. Children's Privacy

The Service is intended for business use and is not directed at individuals under the age of eighteen (18). We do not knowingly collect personal information from children under eighteen. If we become aware that we have collected personal information from a child under eighteen, we will take steps to delete that information promptly. If you believe that a child under eighteen has provided us with personal information, please contact us at privacy@deployzeroshare.com.

13. Third-Party Links

The Website may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to third-party services, and we are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you access.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. We will:

Post the updated Privacy Policy on this page with a new "Effective Date"
Notify you of material changes by email to the address associated with your account at least thirty (30) days before the changes take effect
For material changes that affect how we process personal data already collected, obtain your consent where required by applicable law

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you should stop using the Service before they take effect.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

ZeroShare, Inc.

PO Box 29023
Providence, RI 02904
United States

Privacy Inquiries: privacy@deployzeroshare.com

Legal Inquiries: legal@deployzeroshare.com

General Support: support@deployzeroshare.com

Website: https://deployzeroshare.com

For GDPR-related inquiries, you may also contact your local supervisory authority.

Appendix A: Software Data Flow Summary

The following table summarizes what data goes where in a typical ZeroShare deployment:

Data Type	Stays on Your Infrastructure	Sent to ZeroShare	Sent to Third Parties
AI prompts and responses	Yes	No	Routed to configured AI provider (Azure OpenAI, AWS Bedrock) by your deployment
PII detection results	Yes	No	No
Secrets detection results	Yes	No	No
Audit logs	Yes	No	No
User credentials (SSO tokens)	Yes	No	To your SSO identity provider
License verification	N/A	Yes (hashed key, tier, counts, version)	No
Optional telemetry	N/A	Yes (anonymized, aggregated)	No
Account information	N/A	Yes (name, email, company)	Payment processor (Stripe or AWS)