Welcome to ZeroHands (“ZeroHands”, “we”, “us”, or “our”). ZeroHands provides the fastest email experience in the world, designed to make our users twice as productive. This Privacy Policy explains how we collect, disclose, and otherwise process personal data when you use our website (the “Site”), mobile application (the “App”), and all related services (collectively, the “Service”), and your choices concerning our data practices. “You” or “your” refers to the individual to whom personal data relates.
1. ZeroHands Contact Information
Address:
ZeroHands
39/1336, Third Floor, Madangiri DDA Flats
New Delhi – 110062, India
Privacy Inquiries:
[email protected]
2. PERSONAL DATA WE PROCESS ON BEHALF OF BUSINESS CUSTOMERS
If one of our business customers (such as your employer) provides you with access to the Service, please note:
- They may impose additional restrictions on how we process your personal data. Those restrictions are governed by your agreement with them, not by this Privacy Policy.
- To access, correct, or delete your personal data, contact that business customer directly. If you contact ZeroHands with a privacy request, we will refer you to them and assist as needed.
3. INFORMATION ABOUT NON-USERS
If you exchange emails with individuals who are not using ZeroHands (“Non-Users”), we process their email addresses and message content solely to provide the Service to you. We do not use or share Non-User data for advertising or marketing.
4. PERSONAL DATA WE COLLECT
4.1 Personal Data You Provide
- Contact details: name, email address, phone number (when you register or sign up)
- Employment information: if you represent a business customer
- Payment information: securely processed via Stripe (we do not store full card data)
- Communications: support requests, feedback, form submissions
- Marketing preferences: opt-in choices and engagement metrics
- Email Content Data: the contents of emails you send/receive through ZeroHands (processed only to deliver the Service)
4.2 Personal Data Collected Automatically
- Usage logs: page views, feature usage, visit timestamps, peak hours
- System info: IP addresses, device identifiers, operating system and browser versions, referring/exit pages
- Authentication tokens: encrypted Google or Microsoft tokens when you sign in
4.3 Personal Data Received From Third Parties
- Social media: data you share via our Facebook/Twitter pages
- Third-party logins: profile details from Google or Microsoft when you connect accounts
- Public records: aggregated data from third-party providers, subject to privacy settings
5. HOW WE USE PERSONAL DATA
We use personal data to:
- Provide & improve the Service: authenticate users, sync drafts, process transactions, respond to support requests
- Enhance functionality: analyze usage patterns, solicit referrals, guide product development
- Communicate: send administrative notices, policy updates, and security advisories
- Marketing (with consent): deliver newsletters and promotional offers based on your preferences
6. GOOGLE ACCOUNT INTEGRATION
When you connect ZeroHands to your Google Account:
- We request Gmail API access only after your explicit consent.
- We limit scopes strictly to what's needed for email features.
- Authentication uses Google's OAuth 2.0.
- You may revoke our access at any time via your Google Account settings.
7. DATA COLLECTION & USAGE
7.1 Google Services Data Handling
- Processed under Google's API Services User Data Policy (including Limited Use requirements).
- No permanent storage of email content—only encrypted, in-memory or disk caches (max 24 hours).
- All Gmail API calls over TLS 1.3.
- Anonymized usage analytics; error logs retained for 30 days.
7.2 Self-Hosted Instances
- Your data never leaves your infrastructure unless you opt in.
- You choose storage, retention, and backup policies.
- Optional, anonymized telemetry can be enabled to improve ZeroHands.
7.3 Data Processing Locations
- By default, data processed in SOC 2 Type II–certified U.S. data centers.
- Self-hosted deployments may select any region.
- We comply with international transfer rules and offer Data Processing Agreements.
8. DATA PROTECTION & SECURITY
8.1 Security Measures
- Encryption in transit: TLS 1.2+ for all Service communication
- Encryption at rest: AES-256 for sensitive data (payment tokens, caches)
- Access controls: Role-based access, MFA for administrative accounts
- Vulnerability management: Quarterly penetration tests, automated dependency updates
- Open source: Codebase available for community review
8.2 Infrastructure Security
- ISO 27001 & SOC 2-certified data centers
- Enterprise firewalls, IDS/IPS, DDoS protection
- Regular backups & disaster-recovery exercises
8.3 Incident & Vulnerability Response
- 24/7 Security Operations Center (SOC) monitoring
- Bug-bounty program with responsible-disclosure guidelines
- Formal Incident Response Plan with user/regulator notification timelines
- Post-incident root-cause analysis and remediation
9. GOOGLE USER DATA HANDLING
9.1 Data Access & Usage
We access via Gmail API only:
- Message bodies & attachments
- Metadata (subjects, dates, senders/recipients)
- Labels & folder structures
- Basic Google profile info
This data is used solely to power ZeroHands features—not for marketing or profiling. All access is logged and audited.
9.2 Data Sharing & Transfer
ZeroHands does not share Google data with third parties except:
- Subprocessors (e.g., Stripe, hosting providers) bound by confidentiality & Limited Use agreements
- When legally compelled (e.g., court order)
We maintain an annually reviewed list of all subprocessors with data access.
10. DATA RETENTION & DELETION
- Email data: real-time processing only; temporary caches auto-delete after 24 hours
- Account deletion:
- Mark user data for deletion immediately
- Purge all caches within 24 hours
- Remove backups within 7 days
- Erase audit logs after 30 days
- User requests: You may request immediate data purge or export at any time.
11. USER RIGHTS & CONTROLS
Under applicable law (e.g., GDPR, CCPA), you have the right to:
- Access your personal data
- Rectify inaccuracies
- Erase your data
- Restrict certain processing
- Portability: export data in machine-readable form
- Object to processing based on legitimate interests
- Revoke Google OAuth consent at any time
Submit requests via [email protected].
12. LIMITED USE DISCLOSURE
Our handling of information from Google APIs strictly adheres to the Limited Use requirements of the Google API Services User Data Policy.
13. PRICING & REFUND POLICY
- Free Plan: Includes a 14-day trial of Premium features.
- Refunds: Pro-rated refunds within 30 days of purchase; see our Terms of Service for details.
14. CHANGES TO THIS POLICY
We may update this Privacy Policy as our Service evolves. When we do, we will:
- Post the revised date at the top
- Notify you of material changes via email or in-app notice before they take effect
Your continued use after changes signifies acceptance.
15. UK & EU REPRESENTATIVES
As of today, ZeroHands has not appointed a representative under Article 27 of the UK GDPR or the EU GDPR. Should this become necessary, we will promptly publish contact details here.
16. CONTACT US
For any questions or concerns about this Privacy Policy or our data practices, please reach out at:
Email: [email protected]
Address: 39/1336, Third Floor, Madangiri DDA Flats, New Delhi – 110062, India
Thank you for trusting ZeroHands with your data. We're committed to keeping it safe and secure.