Privacy Policy

Effective Date: March 16, 2026

Zero Dev LLC (“Company,” “we,” “us,” or “our”) operates the ZeroTerminal platform at zeroterminal.io. This Privacy Policy describes what information we collect, how we use it, how we protect it, and your rights regarding that information.

We built ZeroTerminal with a privacy-first approach. We do not run analytics or tracking software. We do not serve advertisements. We do not sell, rent, or share your personal data with third parties for their marketing purposes.

1. Information We Collect

1.1 Account Information

When you create an account via Clerk (our authentication provider), we receive and store:

  • Email address
  • Name (if provided)
  • Authentication identifiers (Clerk user ID)
  • Session data (login timestamps, session tokens)

1.2 Brokerage Account Data

When you connect a brokerage account, we access and store the following data via read-only OAuth connections with your broker:

  • Account identifiers (account numbers, account types)
  • Portfolio positions (ticker symbols, quantities, cost basis, market values)
  • Account balances and margin data (buying power, margin balances, maintenance requirements)
  • Account-level metadata (account names, account status)

We do not store your brokerage login credentials. Authentication is handled via OAuth tokens issued directly by your broker. We store only the OAuth access and refresh tokens necessary to maintain your connection.

1.3 X (Twitter) Data

If you connect your X account or use X-related features, we may access and store:

  • Your X OAuth tokens (to authenticate API requests on your behalf)
  • Posts (tweets) retrieved via X API search, filtered to your portfolio positions or configured search accounts
  • X user profile information (usernames, display names, follower counts) for accounts in your search lists
  • Your X following list (user IDs only, cached for search filtering)

X data retrieved through the Service is cached temporarily in our database to minimize redundant API calls and associated costs.

1.4 Payment Information

Payment processing is handled entirely by Stripe. We do not directly collect, store, or process credit card numbers, bank account details, or other payment credentials. Stripe may share with us: your subscription status, transaction history (amounts and dates), and a truncated card identifier for display purposes.

1.5 Usage Data

We do not use third-party analytics, tracking pixels, or behavioral monitoring tools. The only usage data we collect is internal metering data necessary to enforce subscription limits, including: X API search counts, credit pack usage, and feature access logs. This data is stored in our database and is used exclusively for billing enforcement and service operation.

1.6 Server Logs

Our servers automatically record standard access logs, which may include IP addresses, request timestamps, request paths, HTTP status codes, and user-agent strings. These logs are used for security monitoring, debugging, and abuse prevention. They are not correlated with user profiles for analytics or tracking purposes.

2. How We Use Your Information

We use collected information exclusively to:

  • Provide and operate the Service, including syncing your portfolio data, retrieving relevant news and social media content, and generating AI analysis
  • Authenticate your identity and manage your account
  • Process payments and enforce subscription limits
  • Communicate with you about your account, service updates, or support requests
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not use your data for advertising, profiling, or behavioral targeting. We do not build user profiles for any purpose beyond providing the Service.

3. AI-Generated Content and Data Processing

When you use AI analysis features, your portfolio data (such as ticker symbols and position context) may be sent to xAI (the provider of the Grok large language model) to generate analysis, summaries, or sentiment assessments. This data is transmitted via API and is subject to xAI's data processing terms.

We send only the minimum data necessary to generate the requested analysis. We do not send your full account balances, personal identity information, or brokerage credentials to AI providers.

You should be aware that AI-generated content may be inaccurate. See our Terms of Service, Section 7 for important disclaimers about AI-generated content.

4. Data Sharing and Third-Party Services

We share your data only with the following categories of service providers, and only to the extent necessary to operate the Service:

  • Clerk — Authentication and session management. Receives your email and authentication data.
  • Stripe — Payment processing. Receives payment method and transaction data.
  • Brokerage APIs (Schwab, TradeStation) — OAuth token exchange and portfolio data retrieval. Data flows from your broker to us; we do not send your data to your broker beyond what is required for authentication.
  • X (Twitter) API — Search queries and OAuth tokens for content retrieval.
  • xAI (Grok) — Ticker symbols and position context for AI analysis generation.

We do not sell, rent, or otherwise disclose your personal information to any other third parties. We may disclose information if required by law, subpoena, court order, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Storage and Security

Your data is stored on infrastructure hosted by Google Cloud Platform (GCP) in the European Union (Belgium, europe-west1 region). Although the Service is directed at users in the United States, your data is physically stored and processed on EU-based servers. We implement reasonable technical and organizational security measures, including:

  • Encryption in transit (TLS/HTTPS for all connections)
  • Encrypted OAuth token storage
  • Access controls limiting who can access production systems
  • Regular security patching of server infrastructure

No method of electronic storage or transmission is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention and Deletion

6.1 Active Accounts

We retain your data for as long as your account is active and as needed to provide the Service. Cached data (such as X posts and position snapshots) is retained according to configurable retention windows, which vary by subscription tier.

6.2 Account Deletion

When you request account deletion, we perform a hard delete of your data within twenty-four (24) hours. This includes:

  • Your user profile and authentication data
  • All stored brokerage OAuth tokens (revoking our access to your broker accounts)
  • All cached portfolio positions, balances, and account data
  • All stored X data, search configurations, and OAuth tokens
  • All billing and subscription metadata (Stripe retains its own records per its privacy policy)
  • All usage metering data

To request account deletion, contact us at support@zeroterminal.io or use the account deletion option in Settings.

6.3 Server Logs

Server access logs are retained for up to ninety (90) days for security and debugging purposes, then automatically purged.

7. Cookies and Local Storage

The Service uses only essential cookies required for authentication and session management, set by Clerk. We do not use advertising cookies, tracking cookies, or any third-party cookie-based analytics.

Essential cookies include session tokens and authentication state. These cookies are strictly necessary for the Service to function and cannot be disabled while using the Service.

8. Children's Privacy

The Service is not directed at or intended for use by anyone under the age of eighteen (18). We do not knowingly collect personal information from minors. If we learn that we have collected data from a person under 18, we will delete that information promptly. If you believe a minor has provided us with personal information, contact us at support@zeroterminal.io.

9. Your Privacy Rights

Depending on your state of residence, you may have specific privacy rights under applicable law (including but not limited to the California Consumer Privacy Act, Virginia Consumer Data Protection Act, Colorado Privacy Act, and similar state laws). These rights may include:

  • The right to know what personal information we collect about you
  • The right to request deletion of your personal information
  • The right to request a copy of your personal information in a portable format
  • The right to opt out of the sale of your personal information (we do not sell your data)
  • The right to non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at support@zeroterminal.io. We will respond to verified requests within the timeframe required by applicable law.

Because we do not sell personal information, do not use it for targeted advertising, and do not engage in profiling, many common opt-out mechanisms do not apply to the Service.

10. International Users

The Service is designed for and directed at users in the United States. Your data is stored on servers located in the European Union (Belgium). If you access the Service from outside the United States, you do so at your own risk and are responsible for compliance with local laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least thirty (30) days before they take effect. The “Effective Date” at the top of this document indicates the date of the most recent revision. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:

Zero Dev LLC
Email: support@zeroterminal.io
Website: zeroterminal.io