Privacy Policy

Our commitments to you

We built Zero Zeta to do two things — upskill professionals and corporates in AI and machine learning, and build AI solutions for industry. Either way, we end up holding data on behalf of the people and businesses who learn with us or run our software. We take that responsibility seriously. Here is what we promise:

• We collect only the data we need to make our Services work — nothing more.
• We never sell your data. Ever.
• We do not share your conversations or business data with advertisers, and we do not use them to train third-party AI models.
• We encrypt everything in transit and at rest, and we limit who inside Zero Zeta can touch production data.
• We honour deletion requests within 30 days, as required by India's Digital Personal Data Protection Act, 2023.
• We name every third party we share data with, on this page, by name — not in vague categories.

The rest of this page sets those commitments out in detail. Service-specific data flows — including the exact third-party processors used by each of our products — are listed in the Service Appendices at the bottom.

1. Who we are

Zero Zeta is an Indian company that works at the intersection of AI education and AI solutioning. On the education side, we upskill professionals and corporates in machine learning and AI through structured programs and partnerships. On the solutioning side, we build AI-driven products for industry — currently focused on Industrial AI for manufacturing operations. Our registered address and contact details are on the About Us page. For anything privacy-related, write to info@zerozeta.com.

For legal precision: under India's DPDPA, we are the data fiduciary for the personal data described on this page; under the EU GDPR (where it applies), we are the data controller. Where you are our customer organisation and the data in question belongs to your own employees or end-users, you act as the controller and we act as your processor — handling that data only on your instructions.

2. What data we collect

To deliver our Services, we collect the following categories of data. Not every Service collects every category — the Service Appendices tell you exactly which categories apply to which product.

We do not knowingly collect data from anyone under the age of 18. Our Services are built for business use by adult employees of a registered customer organisation — if a child has somehow ended up in our systems, write to us and we will delete that record.

3. How we use it

We use the data we collect to:

• Deliver the core functionality of each Service.
• Hold short-term context so the Service remembers what you said earlier in the same session, where the Service requires it.
• Authenticate users and authorise actions inside your tenant.
• Produce aggregated operational reports for your organisation's administrators.
• Monitor service health, debug errors, and prevent abuse.
• Bill your organisation according to the plan you selected.
• Comply with applicable law, including responding to lawful requests from authorities.

We do not use your data for any other purpose without telling you first.

4. Our legal bases

Under India's DPDPA, we process your personal data on the basis of your consent (collected when your organisation onboards) and on the basis of legitimate uses connected to the employment or business relationship and to security and fraud prevention.

Under the EU GDPR (where it applies), our legal bases are: (a) performance of a contract with you or your employer (Art. 6(1)(b)), (b) our legitimate interests in operating and securing the Services (Art. 6(1)(f)), and (c) consent (Art. 6(1)(a)) where we ask for it specifically.

5. Who we share data with

We share the minimum data necessary with a small set of third-party processors who help us run our Services. Each of them is bound by contract to use your data only on our instructions and to maintain appropriate security. The exact processors for each Service are named in the Service Appendices below.

The categories of processors we work with are:

• Communications providers — WhatsApp Business Cloud API providers, SMS gateways, and email providers — where the Service has a messaging interface.
• AI inference providers — to run the large language models and other ML models that power our Services.
• Speech and document processing providers — to transcribe voice notes and parse documents.
• Caching and short-term storage providers — to hold transient conversation context.
• Cloud infrastructure providers — to host the application and the primary database.
• Payments and invoicing providers — to process subscription billing.

We do not sell your data. We do not share it with advertisers. We do not use your conversations or business data to train third-party AI models. If any of this changes, we will tell you before it happens.

6. International transfers

Some of the third-party services we rely on are operated by companies whose processing infrastructure may be located outside India. When personal data flows to such infrastructure, we rely on standard contractual clauses with the provider and on each provider's own certifications. We will not transfer personal data to any jurisdiction that the Government of India has restricted under DPDPA §16.

7. How long we keep your data

• Short-term conversation context (where used) — we keep it for 30 days on a rolling basis, then auto-purge it.
• Voice note audio — we do not store it at all once transcription completes. Only the transcript is retained.
• Long-term operational records (jobs, KPIs, business data) — we keep these for as long as your tenant subscription is active, plus 90 days after termination, unless you ask us to delete them sooner.
• Billing records — we are required to keep these for 8 years under Indian tax law.
• Security and error logs — we keep these for 180 days.

If a specific Service retains anything differently, that exception is called out in its Service Appendix.

8. How we protect your data

• We encrypt all data in transit using TLS 1.2 or higher.
• We encrypt all data at rest using AES-256.
• We restrict access to production data to a small number of named engineers, log every access, and review the access list quarterly.
• We use signed authentication tokens with short expiry windows.
• We follow the principle of least privilege across all our systems.

9. Your rights

You have real, exercisable rights over the data we hold about you:

• Access — ask us what data we hold about you, and we will tell you.
• Correction — ask us to fix data that is wrong or out of date.
• Erasure / deletion — ask us to delete your data. See our Data Deletion page for exactly how to request this and how long it takes.
• Withdraw consent — withdraw any consent you previously gave, at any time.
• Portability (GDPR users) — receive a copy of your data in a machine-readable format.
• Grievance redressal (DPDPA users) — raise a complaint with our Grievance Officer below; you may also approach the Data Protection Board of India if you remain unsatisfied.
• Lodge a complaint (GDPR users) — with your local supervisory authority.

10. Cookies

Our website and product dashboards use a small number of cookies — for authentication, basic analytics, and security. We do not use third-party advertising cookies. Full details are on our Cookie Policy.

11. Changes to this policy

If we make material changes to this policy, we will email tenant administrators at least 14 days before the change takes effect and update the "Last updated" date at the top of this page. Continuing to use a Service after that date means you accept the updated policy.

12. Contact

For any question about this policy, email info@zerozeta.com or call +91 83106 23079. Our postal address is on the About Us page.

Service Appendices

Each Zero Zeta service that processes personal data has its own appendix below, listing the specific third-party processors we use, what data flows to each, and any Service-specific notes that differ from the platform defaults above. New appendices are added here as we launch new Services.

Appendix A — ProcessOps Copilot

ProcessOps Copilot is our WhatsApp-native AI assistant for process-manufacturing operations, at msme-scheduler.zerozeta.com/register. For this Service we work with the following processors:

For ProcessOps specifically:

• We keep conversation history in Upstash Redis for 30 days on a rolling basis, then auto-purge it.
• We send voice notes to Whisper for transcription and do not store the audio on our own infrastructure once transcription completes.
• The conversation text we send to Groq is transient — under our current contract with Groq, it is not retained for model training.