DivzeroDivzero

Privacy Policy

Last updated: March 16, 2026

At Divzero ("Company," "we," "our," or "us"), your privacy is a top priority. This Privacy Policy explains how we collect, use, share, and protect information when you use our AI agent deployment platform, website, APIs, and related services (collectively, the "Service"). By using Divzero, you consent to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, avatar, and OAuth identifiers (e.g., GitHub ID) when you create an account.
  • Payment Information: Billing details processed through Stripe. We do not store full credit card numbers on our servers.
  • Agent Configurations: System prompts, parameters, model selections, and environment variables you configure for your AI agents.
  • Integration Credentials: OAuth tokens for third-party services (Notion, Jira, Google Workspace, Slack) which are encrypted at rest using AES-256.
  • Support Communications: Any messages, feedback, or files you send to our support team.

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, API calls made, click patterns, and session duration.
  • Device & Browser Data: IP address, browser type and version, operating system, device type, and screen resolution.
  • Agent Runtime Data: Execution logs, performance metrics (latency, token counts, error rates), and deployment status for the agents you run on the platform.
  • Analytics: We use PostHog for product analytics to understand how users interact with the Service. PostHog may collect anonymized interaction data.

1.3 Information from Third Parties

When you authenticate via GitHub or another OAuth provider, we receive profile information (name, email, avatar) from that provider in accordance with the permissions you grant.

2. How We Use Your Information

We process your information for the following purposes:

  • Service Delivery: To create and manage your account, deploy and monitor your AI agents, and process payments.
  • Security: To detect and prevent fraud, unauthorized access, abuse, and to enforce our Terms of Service and Acceptable Use Policy.
  • Improvement: To analyze usage trends, debug issues, develop new features, and improve platform performance and reliability.
  • Communications: To send transaction confirmations, service updates, security alerts, and (with your consent) marketing communications.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.

3. AI-Specific Data Practices

Because Divzero operates as a platform for deploying AI agents, we want to be transparent about how data flows through our system:

  • Prompt & Output Data: Agent system prompts, input data, and AI-generated outputs are processed to operate the Service. We do not use your prompts or outputs to train AI models.
  • Model Providers: When your agents invoke AI models (e.g., Anthropic Claude, OpenRouter), data is transmitted to those providers under their respective privacy policies. We encourage you to review their policies.
  • Token Usage Tracking: We track token consumption for billing and usage-monitoring purposes. This includes aggregate token counts — not the content of the tokens themselves — stored in our database.
  • Agent Logs: Execution logs generated by your agents are stored to provide you with debugging and monitoring capabilities. Logs are retained according to your subscription tier and are deleted upon account termination.

4. How We Share Your Information

We do not sell your personal data. We may share information only in the following circumstances:

  • Service Providers: With trusted third parties who assist in operating the Service — including Stripe (payment processing), AWS (infrastructure hosting), Anthropic and OpenRouter (AI model inference), and PostHog (analytics). These providers are contractually required to protect your data.
  • Integrations You Authorize: When you connect third-party services (Notion, Jira, Google Workspace), data is shared with those services on your behalf according to the permissions you grant.
  • Legal Requirements: If required by law, regulation, subpoena, or court order.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the successor entity.
  • With Your Consent: In any other case where you have given explicit consent.

5. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS 1.2+) and encryption at rest for sensitive data.
  • AES-256 encryption for OAuth tokens and integration credentials using per-instance encryption keys.
  • Hashed API keys — we store only the hash of your API keys and never the raw key itself after initial issuance.
  • Network isolation via AWS VPCs, security groups, and private subnets for agent deployment infrastructure.
  • Regular security reviews and dependency auditing.

Despite our efforts, no method of transmission or storage is 100% secure. We encourage you to protect your credentials and use strong, unique passwords.

6. Data Retention

  • Account Data: Retained for the duration of your account. Upon deletion, personal data is purged within 30 days.
  • Agent Logs & Metrics: Retained according to your subscription plan tier with configurable retention periods.
  • Billing Records: Retained for up to 7 years to comply with tax and accounting obligations.
  • Anonymized/Aggregated Data: May be retained indefinitely for analytics and service improvement purposes.

7. Your Rights & Choices

Depending on your location, you may have the following rights under applicable data protection laws (e.g., GDPR, CCPA):

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Portability: Request your data in a structured, commonly used format.
  • Opt-Out: Unsubscribe from marketing communications at any time using the link in any email or by contacting support.
  • Do Not Sell: We do not sell personal data. If you are a California resident, you have the right to know that no sale has occurred.

To exercise any of these rights, email privacy@divzero.one. We will respond within 30 days.

8. Cookies & Tracking Technologies

We use essential cookies for authentication and session management. We use PostHog for product analytics, which may use cookies or similar technologies to collect anonymized usage data. You can manage cookie preferences through your browser settings.

9. International Data Transfers

Divzero is based in the United States. If you access the Service from outside the US, your data may be transferred to and processed in the US or other jurisdictions where our service providers operate. We rely on Standard Contractual Clauses and other approved mechanisms to safeguard international data transfers where required.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we learn that we have collected such data, we will delete it promptly.

11. Third-Party Links & Services

The Service may contain links to third-party websites and integrations. We are not responsible for the privacy practices of these external services. We encourage you to review their privacy policies independently.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through a prominent notice in the Service at least 30 days before the changes take effect. The "Last updated" date at the top reflects the most recent revision.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: