zeropii / Privacy policy
Privacy policy
Last updated:
1. Who we are
zeropii is a product of Go-Virtual (sole proprietorship, Dutch CoC no. 77601262), also trading as Artificial Studio. We are the data controller for the personal data processed via zeropii.nl. Questions? Email [email protected].
2. What data we process
- The name, company and email you provide to open the demo.
- The text you enter in the demo — processed temporarily to detect and mask personal data, and not stored.
- Sanitised audit data from the demo (which types of data were masked, counts, scores, timestamp) — this contains no personal data itself.
- Limited technical logs for security and abuse prevention.
3. Why we use this data
- to run the demo (detect, mask, send to the chosen AI model and restore personal data);
- to contact you about your request or interest;
- security, rate limiting and abuse prevention;
- to improve the service.
4. How the demo handles your text
zeropii is a filter that sits in front of the AI model. The personal data in your input is masked before the text reaches an AI model — only the sanitised prompt leaves the filter. The original personal data and the mapping between value and mask stay local during processing and are not stored or shared with the AI model.
5. Legal bases
- performance of your request — to show the demo;
- consent — when you leave your details so we can contact you;
- legitimate interest — for security, abuse prevention and improving the service;
- legal obligation — for administrative and tax retention duties.
6. Processors and third parties
To operate zeropii we use external providers: Supabase (database, EU) to store your demo sign-up and the sanitised audit data, and Google AI Studio for the AI model behind the "local model" in the demo. If you choose your own API key in the demo, the sanitised prompt goes to the provider you select (Anthropic, OpenAI or Google). These AI models receive only the sanitised prompt, without the masked personal data. Some providers process data outside the European Economic Area; in that case appropriate safeguards apply, such as standard contractual clauses. We do not sell personal data.
7. Retention
We keep your demo sign-up (name, company, email) for up to 24 months, or shorter if you request deletion. The text you enter in the demo is not stored. Sanitised audit data contains no personal data. Technical logs are kept as briefly as possible. Administrative and tax data are kept for as long as we are legally required to (typically 7 years).
8. Your rights
Where legally applicable, you have the right to access, rectification, erasure, restriction of processing, portability and objection. Send your request to [email protected]; we respond within one month. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
9. Changes
We may update this privacy policy. The most recent version is always on this page, with the date at the top.