Zerocoder

Privacy Policy

Last updated: 2026-05-28

Data controller: TUQ LTD, 20–22 Wenlock Road, London N1 7GU, United Kingdom. Contact: privacy@zerocoder.com. This policy explains what personal data we process when you use Zerocoder, the legal bases for that processing, and the rights you have under the UK GDPR and the EU GDPR.

1. What we collect

  • Account data — email, hashed password, display name, avatar, locale, time zone, SSO identifiers (Google sub, Telegram id).
  • Usage data — pages viewed, features used, AI prompts you submit and Outputs generated, message history, credit-ledger entries, plan tier, referral links you used.
  • Technical data — IP address, user-agent, device fingerprint, browser timezone, language headers, timestamps, request identifiers.
  • Payment data — we do not store full card numbers. Payments are handled by Stripe; we keep transaction id, plan, last-4 digits, card-issuer country and billing email.
  • Communications — email correspondence with support, expert-marketplace applications, tool-submission forms.

2. How we use it & legal basis

  • Contract performance — providing the Platform, billing subscriptions, granting Credits, sending operational email (magic links, password reset, payment receipts).
  • Legitimate interest — security, abuse detection, rate-limiting, fraud and chargeback prevention, content moderation (including human review of flagged prompts/Outputs), analytics, product improvement.
  • Consent — marketing email, optional analytics cookies, voluntary participation in product research.
  • Legal obligation — VAT/tax records, responses to lawful requests from competent authorities.

3. AI inputs and Outputs

Prompts you submit and the resulting Outputs are forwarded to third-party AI providers (OpenAI, Anthropic, Google, others as added) for inference and may be stored by them under their own retention policies. We additionally retain a copy linked to your Account to enable Chat History, abuse review and billing reconciliation. Do not submit personal data, sensitive information, trade secrets, credentials or anything you would not want a third party to see.

4. Sharing & processors

We share data only with processors strictly necessary to deliver the Platform:

  • AI inference: OpenAI, OpenRouter, Anthropic, Google (Gemini), additional providers added from time to time.
  • Infrastructure: our own servers hosted with a Russian / EU hosting provider, MinIO storage, Cloudflare (optional).
  • Payments: Stripe.
  • Transactional email: Resend.
  • Analytics: Google Analytics 4, Yandex.Metrika (only on production host, with cookie consent where required).
  • Support: Telegram (for our admin notifications, not for your data).

We do not sell personal data and do not use it for ad targeting outside the Platform.

5. International transfers

Personal data may be processed in the UK, EU, US, Russia and other jurisdictions where our providers operate. For transfers outside the UK/EEA we rely on the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or the recipient’s adequacy decision, as applicable.

6. Retention

  • Account & usage data — for the life of the Account plus 90 days after deletion (to handle refund disputes and chargebacks).
  • Chat history / AI Outputs — until you delete the conversation or the Account; abuse-flagged content is kept for up to 24 months for safety review.
  • Credit-transaction ledger & payment receipts — 7 years (tax and accounting requirements).
  • Backups — rolling 30-day window.
  • Anonymised analytics — retained indefinitely.

7. Your rights

Under the UK GDPR and EU GDPR you have the right to access, rectify, erase, restrict or object to processing, withdraw consent (where processing relies on it), and request portability of your data. We respond within 30 days of receiving a verified request. Email privacy@zerocoder.com. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk) or your local EU supervisory authority.

8. Children

The Platform is not directed at children under 16. If you become aware that a child has provided personal data without parental consent, contact us and we will delete it.

9. Security

We use industry-standard measures: TLS in transit, password hashing with bcrypt, encrypted backups, scoped database credentials, restricted admin access, rate-limiting, intrusion-detection (fail2ban), and continuous patching. No system is perfectly secure; we cannot guarantee absolute protection.

10. Cookies

See the Cookie notice for the cookies we set, their purpose and how to disable them.

11. Changes to this policy

Material changes are announced on the Platform and emailed to registered users at least 14 days before they take effect. The version date at the top of the page is authoritative.

12. Contact

Data protection enquiries: privacy@zerocoder.com. Postal: TUQ LTD, 20–22 Wenlock Road, London N1 7GU, United Kingdom.

Privacy Policy — Zerocoder