Legal

Privacy policy.

Last updated · 18 May 2026 Version · 1.0 Governs · zeroth.au & client services

01 · About this policy

Zeroth Group Pty Ltd ABN 81 665 998 443 trading as Zeroth ("Zeroth", "we", "us", "our") is committed to protecting your privacy. We handle personal information in accordance with the Privacy Act 1988 (Cth) (the Privacy Act) and the Australian Privacy Principles (the APPs).

This policy explains how we collect, hold, use, and disclose personal information, how you can access or correct it, and how to make a complaint. It applies to zeroth.au, our agentic workflow services, and any related interactions you have with us.

Plain-English summary We collect contact details, usage data, and information you share during engagements. We use it to deliver and improve our services, to communicate with you, and to meet our legal obligations. We don't sell your personal information. You can ask for access, correction, or deletion at any time — contact details are at the bottom of this page.

02 · Information we collect

The kinds of personal information we collect depend on how you interact with us. They may include:

  • Contact and identity information — name, work email, company, role, phone number, postal address.
  • Engagement information — content you provide while we are scoping, designing, building, or operating an agent for you, including workflow descriptions, screenshots, sample data, and credentials you authorise us to use.
  • Account information — sign-in details, authentication tokens, and dashboard usage logs.
  • Technical information — IP address, browser type and version, device identifiers, referring URLs, pages viewed, and timestamps.
  • Communications — emails, call notes, meeting recordings (where you have consented), and support requests.
  • Payment information — invoicing details and remittance information. Card details, if used, are handled by our payment processors and never stored by us.

We do not generally collect sensitive information (as defined by the Privacy Act). If we need to, we will request your consent and explain why.

03 · How we collect personal information

We collect personal information:

  • Directly from you — when you complete a form on our website, book a call, sign an engagement letter, send us an email, or participate in a workshop.
  • Automatically — through cookies, analytics tools, and server logs when you visit our website or use the Zeroth dashboard.
  • From your organisation — where you are introduced to us by a colleague, manager, or representative of your organisation.
  • From third parties — referrers, publicly available sources (e.g. LinkedIn), or service providers acting on our or your behalf.

Where it is lawful and practicable, you may deal with us anonymously or using a pseudonym — for example, when browsing the site. Some interactions (e.g. signing an engagement letter) require us to know who you are.

04 · How we use personal information

We use personal information for the following purposes:

  • To provide, operate, and improve our services and the Zeroth platform.
  • To respond to enquiries, schedule calls, and run engagements.
  • To send service communications (e.g. run reports, scheduled maintenance, security notices).
  • To bill and account for our services.
  • To send marketing communications, subject to the Spam Act 2003 (Cth) and your right to unsubscribe.
  • To meet our legal, regulatory, and contractual obligations.
  • To investigate and respond to suspected misuse, fraud, or security incidents.

We will not use personal information for a secondary purpose unless that purpose is related to the primary purpose and you would reasonably expect us to, or unless you have consented.

05 · Disclosure

We may disclose personal information to:

  • Service providers we use to operate our business and platform — including cloud infrastructure (e.g. Vercel, Modal, Supabase), database and storage providers, model providers (e.g. Anthropic, OpenRouter), email and scheduling tools, analytics providers, and accounting services. These providers act on our instructions and are bound by confidentiality and security obligations.
  • Subcontractors engaged to deliver elements of an engagement, where you have been informed.
  • Professional advisors — lawyers, accountants, auditors, and insurers.
  • Law enforcement and regulators — where required or authorised by law.
  • Acquirers — in the event of a sale, merger, or restructure of our business, in which case we will require the acquirer to honour this policy.

We do not sell personal information.

06 · Overseas disclosure (APP 8)

Some of our service providers operate, store, or process data outside Australia — typically in the United States and the European Union. By using our services, you acknowledge that personal information may be disclosed overseas to these providers.

Before disclosing personal information overseas, we take reasonable steps to ensure the overseas recipient handles it in a way consistent with the APPs, including via contractual obligations and assessment of their data protection practices.

07 · Storage and security (APP 11)

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. These steps include:

  • Encryption of data in transit (TLS) and at rest.
  • Envelope encryption of per-client credentials inside our database, with the key-encryption key held in a managed secrets vault and never read into application memory.
  • Role-based access controls and least-privilege principles.
  • Multi-factor authentication for staff with access to production systems.
  • Audit logging of access to sensitive systems.
  • Regular security reviews and dependency patching.

No method of electronic storage or transmission is perfectly secure. While we work hard to protect your information, we cannot guarantee its absolute security.

08 · Cookies and analytics

Our website uses cookies and similar technologies to provide and improve the service. These include:

  • Essential cookies — required for site functionality (e.g. session management, security).
  • Analytics cookies — to understand how visitors use our site so we can improve it. Analytics data is aggregated where possible.
  • Preference cookies — to remember choices you have made (e.g. theme).

You can configure your browser to refuse cookies or to alert you when cookies are being sent. If you disable cookies, some parts of our site may not work as intended.

09 · Direct marketing

We may send you marketing communications about our services if you have provided your contact details and we reasonably expect that you would want to hear from us, or if you have consented. Every marketing email contains an unsubscribe link. You can also email privacy@zeroth.au to opt out at any time.

We comply with the Spam Act 2003 (Cth).

10 · Access and correction (APP 12, APP 13)

You can request access to the personal information we hold about you, and ask us to correct it if it is inaccurate, out of date, incomplete, irrelevant, or misleading. Contact details are at the bottom of this page.

We will respond to a request within a reasonable period — generally within 30 days. We may need to verify your identity before fulfilling the request. In limited circumstances we may decline to provide access (for example, where doing so would disclose another person's information) and will explain why in writing.

11 · Data retention

We keep personal information only for as long as we need it for the purposes set out in this policy or as required by law. When we no longer need it, we take reasonable steps to securely destroy or de-identify it.

Some records (e.g. financial records under the Corporations Act 2001 (Cth)) must be retained for fixed minimum periods.

12 · Notifiable data breaches

If we become aware of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act.

13 · Children

Our services are directed at businesses and their representatives, not at children. We do not knowingly collect personal information from people under 16. If you believe we have, please contact us so we can delete it.

14 · Changes to this policy

We may update this policy from time to time. The current version is always available at zeroth.au/privacy.html, with the "Last updated" date at the top. Material changes will be communicated by reasonable means — for example, by email or a prominent notice on our site.

15 · Contact and complaints

For privacy-related questions, requests, or complaints, contact our Privacy Officer:

  • Email · privacy@zeroth.au
  • Post · Privacy Officer, Zeroth Group Pty Ltd, 24 Dan St, Graceville QLD 4075

We will investigate the complaint and respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner:

  • Website · oaic.gov.au
  • Phone · 1300 363 992
  • Post · GPO Box 5288, Sydney NSW 2001