Privacy Policy
1. Who We Are
CERO ("we", "us", "our") is a communication-assistance service available at https://ceroproblema.casa. We help users compose better replies in difficult interpersonal situations using AI-powered analysis.
For privacy inquiries, contact us at: cero.problema.casa@gmail.com
2. Information We Collect
2.1 Information you provide directly
- Account data — email address and hashed password when you register.
- Situation text — the conflict description, roles, tone preference, and goal you enter in the consultation form. This is the core input to our AI analysis.
- Voice recordings — if you use the voice-input feature, audio is transcribed locally in your browser using the Web Speech API. We do not store raw audio files on our servers.
- Images / screenshots — if you attach screenshots, they are processed locally in your browser using OCR (Tesseract.js). The extracted text may be sent to our AI backend for analysis; the original image is never uploaded to our servers.
2.2 Information collected automatically
- Log data — IP address, browser type, pages visited, and timestamps when you access our service. Retained for up to 30 days.
- Session tokens — a JWT stored in your browser's local storage to keep you signed in.
- Local storage keys — we store a cookie-consent flag (cero_cookies_v2_ok) locally to remember your preference.
2.3 Information we do NOT collect
- We do not collect payment card numbers (handled entirely by third-party payment processors).
- We do not use advertising trackers or sell your data.
- We do not build advertising profiles.
3. How We Use Your Information
| Purpose | Legal basis (GDPR) |
|---|---|
| Providing and improving the consultation service | Contract performance (Art. 6(1)(b)) |
| Account authentication and security | Contract performance (Art. 6(1)(b)) |
| Sending email verification and transactional emails | Contract performance (Art. 6(1)(b)) |
| Detecting and preventing abuse (rate limiting) | Legitimate interests (Art. 6(1)(f)) |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Improving AI model quality (aggregated, anonymised) | Legitimate interests (Art. 6(1)(f)) |
4. AI Processing of Your Data
When you submit a consultation, your situation text is sent to an AI language model to generate advice. We currently use:
- DeepSeek API (deepseek-chat / DeepSeek-V3) — operated by DeepSeek AI. Your text is subject to DeepSeek's Privacy Policy.
- OpenAI API (GPT-4o-mini, if configured) — operated by OpenAI, Inc. Subject to OpenAI's Privacy Policy.
Important: Do not include sensitive personal data in your consultation text (e.g. health conditions, financial account numbers, government IDs). We recommend describing situations in general terms.
If no AI API key is configured, analysis is performed entirely on our own servers using a rule-based engine — no data leaves our infrastructure.
5. Data Retention
- Account data — retained while your account is active. You may request deletion at any time (see Section 7).
- Session history — consultation sessions are stored in our database linked to your account. You can view and access them; we retain them for the lifetime of your account.
- Server logs — automatically deleted after 30 days.
6. Cookies and Local Storage
We use no third-party advertising cookies. We use:
| Name | Type | Purpose | Expiry |
|---|---|---|---|
| cero_token | Local storage | Keeps you signed in (JWT) | 7 days |
| cero_cookies_v2_ok | Local storage | Records your cookie consent | Persistent |
7. Your Rights
Depending on your location, you have rights under the GDPR (EU/EEA), UK GDPR, or similar laws:
- Right of access — request a copy of the data we hold about you.
- Right to rectification — ask us to correct inaccurate data.
- Right to erasure ("right to be forgotten") — ask us to delete your account and associated data.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interests.
- Right to restrict processing — ask us to pause processing in certain circumstances.
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.
To exercise any right, email us at cero.problema.casa@gmail.com. We will respond within 30 days.
8. Data Security
We protect your data using:
- HTTPS/TLS encryption for all data in transit.
- Bcrypt password hashing — your password is never stored in plain text.
- Parameterized database queries to prevent SQL injection.
- Rate limiting (5 auth requests per minute) to prevent brute-force attacks.
- JWT tokens with short expiry (7 days) for session management.
Despite these measures, no system is 100% secure. In the event of a data breach that affects your rights, we will notify you within 72 hours as required by GDPR.
9. Data Transfers
Our backend infrastructure is hosted on Railway (United States). Our frontend is hosted on Vercel (United States). When you use CERO from outside the US, your data is transferred to the US. We rely on Standard Contractual Clauses (SCCs) and the data-processing agreements of our hosting providers as the legal basis for such transfers.
10. Children's Privacy
CERO is not intended for users under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Third-Party Services
We use the following third-party processors:
| Service | Purpose | Data shared |
|---|---|---|
| Railway (hosting) | Backend server and database | All server-side data |
| Vercel (hosting) | Frontend delivery | IP addresses, request logs |
| DeepSeek API | AI analysis | Situation text you submit |
| Gmail / Google SMTP | Transactional email delivery | Your email address |
| Neon (PostgreSQL) | Database | Account and session data |
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and, where required by law, notify you by email. Your continued use of CERO after changes constitutes acceptance of the updated policy.
13. Contact Us
For questions, requests, or complaints about this Privacy Policy or our data practices:
CERO
Email: cero.problema.casa@gmail.com
Website: https://ceroproblema.casa
If you are in the EU/EEA and believe your data has been mishandled, you have the right to lodge a complaint with your local supervisory authority (e.g. your national data protection authority).