Privacy Policy
Last updated: April 30, 2026
Tozero Corp (“Tozero,” “we,” “us”) operates toZero Home (the “Service”). This policy describes how we collect, use, and share information when you use the Service. It applies to visitors and registered users worldwide, with primary operations in the State of Delaware, USA.
1. What we collect
- Account data: email address and authentication identifiers from our identity provider (Supabase Auth).
- Equipment & maintenance data: information you enter about machines, schedules, reminders, uploads, and related preferences.
- Technical data: basic logs (IP, user agent, timestamps) from hosting and application infrastructure for security and reliability.
- Payment metadata: if you subscribe, Stripe processes card data; we receive subscription status and customer identifiers from Stripe, not full card numbers.
2. How we use data
We use data to provide and improve the Service (including AI-assisted extraction of maintenance schedules from manuals you provide or we retrieve on your behalf), send notifications you configure, prevent abuse, comply with law, and communicate about the Service.
3. Legal bases (EEA/UK visitors)
Where GDPR applies, we rely on contract (providing the Service), legitimate interests (security, product improvement balanced against your rights), and consent where required (for example non-essential cookies or marketing, if offered).
4. Sharing & sub-processors
We share data with vendors that help us run the Service. Current categories include hosting and application platform (Vercel), database and authentication (Supabase), AI inference (Anthropic), web search for manual discovery (Brave Search), transactional email (Resend), payments (Stripe), and push delivery infrastructure as configured. We do not sell your personal information.
5. Retention & deletion
We retain information while your account is active and for a limited period afterward for backups, legal compliance, and dispute resolution. You may delete your account from Settings; that removes associated profile and equipment data from our primary database subject to residual backup rotation.
6. Security
We use industry-standard safeguards including encryption in transit (HTTPS), access controls, and least-privilege service accounts. No method of transmission or storage is 100% secure.
7. International transfers
We may process data in the United States and other countries where our sub-processors operate. Where required, we use appropriate safeguards (such as Standard Contractual Clauses).
8. Your rights
Depending on jurisdiction, you may have rights to access, correct, delete, export, or restrict processing of your personal data, and to object to certain processing. Contact us below to exercise these rights.
9. Children
The Service is not directed to children under 16, and we do not knowingly collect their personal information.
10. Changes
We may update this policy from time to time. We will post the new version here and update the “Last updated” date.
11. Contact
Questions or requests: admin@tozero.io
Entity: Tozero Corp (Delaware, USA)