Privacy Policy

This Privacy Policy describes how ("Zero Assist", "we", "us", or "our") collects, uses, stores, and protects personal data when you use the platform and desktop agent ("Service").

This policy is issued under the Digital Personal Data Protection Act, 2023 (DPDPA 2023), Sections 5 & 6, and complies with GDPR and CCPA principles.

Privacy enquiries:

Name, work email address, company name, phone number (optional), and hashed password.

Payment provider transaction IDs, amount, credit quantity purchased, payment status, and timestamps. Card numbers are handled entirely by our payment processors and never reach our servers.

IP address, browser type, operating system, pages visited, and error logs collected for service operation, security, and debugging.

The following data is collected by the Zero Assist Desktop Agent installed on a candidate's device during the session. Candidates must give explicit consent before any data is collected.

To detect web-based AI tools, the agent also inspects the device's system DNS resolver cache and active network connections against a fixed list of known AI-assistance service domains. No general browsing history or DNS history is collected — only matches against this known-service list are recorded.

  • No screen recordings, screenshots, or video capture
  • No audio recordings — mic access is detected but audio is never recorded
  • No file system browsing or personal document access
  • No browser history (beyond active tabs during session)

Contract performance for delivering the Service, and legitimate interest for platform security.

Explicit consent under Section 6 of DPDPA 2023 and Article 6 of GDPR, and legitimate interest for employment screening purposes.

Your data is stored on a self-hosted PostgreSQL 17 database running on Oracle Cloud Infrastructure (OCI), located in India. The backend application servers also run on OCI infrastructure in India.

All primary data — including candidate session data and company account data — is stored and processed entirely within India. We do not transfer candidate personal data outside India for primary storage or processing. No cross-border data transfer provisions under the Digital Personal Data Protection Act, 2023 (DPDPA 2023) apply to our primary data processing operations.

The frontend interface is served via Vercel's global CDN. The frontend is a static application that does not store or process personal data — all personal data flows directly from the candidate's device to our India-based backend servers. All data is encrypted at rest (AES-256) and in transit (TLS 1.3).

Website visitors: our public website uses a small number of United States–based service providers for analytics, error diagnostics, transactional email, and demo scheduling (see Sub-processors). These handle website-visitor and account-communication data only — never candidate forensic session data, which remains in India. For that limited website telemetry, data may be processed outside India under the providers' standard data-protection terms.

Request a summary of the personal data we hold and how it is being processed.

Request correction of inaccurate data or erasure of data no longer necessary.

Candidates may withdraw consent at any time by closing the agent application.

Lodge a complaint with our Grievance Officer or the Data Protection Board.

To exercise any right, email .

  • Encryption: TLS 1.2+ in transit and AES-256 at rest.
  • Access Control: Least-privilege role-based access to all databases.
  • Monitoring: Append-only security audit logging of authentication, report-access, and deletion events.

Founder & Grievance Officer —

Email: Address:

Response commitment (IT Rules 2021 Rule 3(2)(d))

  • Complaints acknowledged within 24 hours of receipt.
  • Complaints resolved or substantively responded to within 15 days.
  • If unresolved after 15 days, you may escalate to the Data Protection Board of India once constituted, or file a complaint under the IT Act 2000.