P2P

Privacy Policy

Effective date: July 2, 2026

This policy explains what data we collect, how we use it, and who else sees it. We keep it straightforward because you deserve to know exactly what happens with your information.

zero2ai.dev is operated by Frontier Engineering, a sole proprietorship owned by Terrence Battlehunt, based in Baltimore, MD.

1. What We Collect

We collect the minimum needed to run the product:

  • Account info: Your name, email address, and (if you use Google sign-in) your Google profile picture.
  • Payment info: Processed by Stripe. We receive your name, email, and a record of the transaction. We never see or store your full credit card number.
  • Workspace usage: We log which models your workspace calls, how many requests are made, and token counts. This is for billing awareness and abuse prevention, not surveillance.
  • Email interactions: Whether you open or click links in our onboarding emails (standard email analytics provided by Resend).

2. What We Do NOT Collect

  • We do not read your workspace conversations. Your prompts, AI responses, and project files inside your workspace are private. We do not access, monitor, or analyze the content of your AI interactions.
  • We do not sell your data. Not to advertisers, data brokers, or anyone else. Ever.
  • We do not use tracking cookies. No Google Analytics, no Facebook pixels, no ad trackers.

3. How We Use Your Data

  • Account management: To create your account, authenticate you, and manage your purchase.
  • Workspace provisioning: To set up and maintain your hosted AI workspace.
  • Email communication: To send your onboarding sequence (7 emails), workspace expiry reminders, and important product updates. No marketing spam.
  • Usage analytics: To monitor system health, detect abuse, and understand overall usage patterns (via Langfuse). This is aggregate data, not individual conversation monitoring.

4. Third Parties

These services handle parts of your data on our behalf:

Stripe

Payment processing. They see your payment details, name, and email. Subject to their own privacy policy.

Cloudflare

Hosts the website and stores account data in D1 (their database service). Also provides DNS, CDN, and tunnel access to workspaces.

Resend

Email delivery. They see your email address and email content we send you.

OpenRouter & DeepSeek

AI model access for your workspace. Your prompts are sent to DeepSeek models via OpenRouter for processing. OpenRouter sees request metadata (token counts, model used). DeepSeek processes your prompt content to generate responses. Both are subject to their own privacy policies.

Langfuse

Observability platform. We track request counts, model usage, token counts, and costs. We do not send your prompt content to Langfuse.

Vultr

Server hosting for workspaces. Your workspace runs on Vultr infrastructure. Vultr does not access workspace contents.

5. Cookies

We use a single authentication cookie to keep you logged in. That is it. No tracking cookies, no analytics cookies, no third-party cookies. We also store a theme preference (light/dark mode) in localStorage, which is not a cookie and is never sent to our servers.

6. Data Retention

  • Account data: Kept as long as your account is active. If you request deletion, we remove it within 30 days.
  • Workspace data: Your workspace files, configurations, and AI conversation history are stored on the workspace server while your access is active. After your access period expires, workspace data is deleted within 30 days.
  • Payment records: Kept for accounting and tax purposes as required by law (typically 7 years).
  • Email logs: Kept by Resend per their retention policy.

7. Data Export

You have the right to export your data at any time while your account or workspace is active:

  • Workspace data: You can download your workspace files, skill configurations, and project data directly from your workspace via SSH or the workspace interface while your access is active.
  • Account data: Email us to request a copy of the personal data we hold about you.
  • Timing: We send email reminders before your workspace expires so you have time to export. Once your workspace is deactivated, data is scheduled for deletion within 30 days and may not be recoverable.

Export your work before your access period ends. We cannot guarantee recovery of data after workspace deactivation.

8. Your Rights

You can:

  • Access: Ask us what data we have about you.
  • Export: Get a copy of your data (see Section 7).
  • Correct: Ask us to fix inaccurate information.
  • Delete: Ask us to delete your account and associated data.
  • Object: Ask us to stop processing your data for specific purposes.

To exercise any of these rights, email terrence@zero2ai.dev. We will respond within 30 days.

9. Children

zero2ai.dev is not intended for children under 13. We do not knowingly collect data from anyone under 13. If you believe a child under 13 has created an account, contact us and we will delete it.

10. Security

We use HTTPS everywhere, authenticate via Better Auth with secure session handling, and isolate workspace environments per user on shared infrastructure. No security system is perfect, but we take reasonable measures to protect your data.

11. Changes to This Policy

If we make material changes to this privacy policy, we will email you at least 30 days before the changes take effect. The effective date at the top of this page will be updated.

12. Contact

Questions about your privacy? Email us at terrence@zero2ai.dev.