Privacy

Last updated: 2026-05-05

Architecture

ZeroSync is end-to-end encrypted by design. The signaling server (whether you self-host it or use the public demo) never holds room keys and cannot read message content — payloads are encrypted in your browser with AES-256-GCM before transmission. Server-side logs contain only SHA-256-hashed room and peer identifiers; no plaintext IDs or content is ever recorded. See COMPLIANCE.md for the architecture-to-control mapping.

Scope of this policy

This policy covers the marketing and documentation site at tovsa7.github.io/ZeroSync. The MIT client SDK, the Apache 2.0 self-hosted server, and your own deployment handle data per their own behavior — they do not phone home and they do not share data with this site or its maintainer.

What this site collects

How we use it

Form submissions arrive in the maintainer's inbox at contact.zerosync@proton.me. They are read to reply to you personally and to size the commercial offering pipeline. Submissions are never sold, shared, or used for unrelated marketing.

Storage and retention

Tally stores submissions on its servers (in the EU). Email replies stay in the maintainer's Proton Mail inbox, encrypted at rest. Submissions are kept until the inquiry is resolved or you ask for deletion — whichever comes first.

Your rights (GDPR)

You may request access, correction, or deletion of any data you've submitted by emailing contact.zerosync@proton.me. We aim to reply within a few business days, and in any case within the 30-day GDPR window.

Cookies

This site sets no first-party cookies. Microsoft Clarity sets analytics cookies for session reconstruction; you can opt out via your browser's "Do Not Track" setting or Microsoft's privacy controls.

Contact

Questions about this policy or about ZeroSync's data handling more broadly: contact.zerosync@proton.me. You will reach the maintainer directly.

← Home