CERO LABS
Home

Privacy Policy

Effective April 14, 2026

1. Who We Are

Cero Labs, Inc. (“Cero Labs,” “we,” “us,” or “our”) operates a technology platform that connects users seeking expert review (“Customers”) with independent, qualified third-party professionals (“Experts”). Cero Labs operates as a matching and connection service. We do not provide medical, legal, financial, tax, clinical, or any other form of professional advice, and we do not employ the Experts. The Experts are independent professionals responsible for their own work product.

This Privacy Policy explains how we collect, use, disclose, and protect information in connection with our website (cerolabs.ai, app.cerolabs.ai), API, MCP server, SDKs, and other products and services (collectively, the “Services”).

2. Information We Collect

2.1 Information You Provide

  • Account information: Name, email, company, billing email, and authentication credentials when you register a tenant account.
  • Expert profile information: Name, email, domains of expertise, credentials, and availability, if you join the Expert network.
  • Escalation content: Queries, context, output schemas, metadata, and any other content you submit when requesting an expert review.
  • Resolution content: Answers, reasoning, and confidence values that Experts submit in response to escalations.
  • Feedback: Ratings and comments on expert resolutions.
  • Communications: Messages you send to support or through other Services features.

2.2 Information Collected Automatically

  • Usage data: API calls, response times, credit balance changes, error logs.
  • Device and connection data: IP address, user agent, operating system, browser type, referrer URL.
  • Cookies and similar technologies: For authentication, preferences, and basic analytics. See Section 7.

2.3 Information from Third Parties

  • Payment data: Stripe, Inc. processes all payments. We receive payment confirmation and minimal metadata (last four digits of card, customer ID) but do not store full payment card numbers.
  • Authentication providers: If you use OAuth, we receive the profile information authorized by you.

3. Your Responsibility Regarding Submitted Content

You are solely responsible for the content you submit to the Services, including escalation queries and context. Before submitting any content, you must ensure that:

  • You have the legal right to share the content with Cero Labs and the Expert.
  • You have obtained any necessary consents, authorizations, or Business Associate Agreements (BAAs) required by applicable law (including, without limitation, HIPAA, GDPR, CCPA/CPRA, and state-specific privacy laws).
  • The content does not include protected health information (PHI), personally identifiable information (PII), or other sensitive information that is not appropriately de-identified or that you are not authorized to share.

Cero Labs is not a covered entity or business associate under HIPAA unless you have entered into a separate, written Business Associate Agreement with us. By default, the Services are not configured for PHI. Do not submit PHI without a fully executed BAA.

4. How We Use Information

We use the information we collect to:

  • Provide, operate, and maintain the Services, including routing escalations to Experts.
  • Authenticate users, manage tenant accounts and API keys, and prevent fraud.
  • Process payments, manage credit balances, and provide billing support.
  • Communicate with you about your account, service updates, and security notices.
  • Monitor, analyze, and improve the quality, safety, and reliability of the Services.
  • Comply with applicable laws, regulations, and legal process.
  • Enforce our Terms of Service and protect the rights, property, and safety of Cero Labs, Experts, Customers, and the public.

We do not sell personal information. We do not use your escalation content to train foundation models without your explicit written consent.

5. How We Share Information

We share information as follows:

  • With Experts: When you submit an escalation, the escalation content is shared with the matched Expert for the purpose of generating a resolution. Experts are bound by confidentiality obligations in their agreements with Cero Labs, but are independent professionals responsible for their own compliance.
  • With service providers: We work with infrastructure, hosting, email, analytics, and payment providers who process information on our behalf (including Stripe, Railway, Supabase, Vercel, and similar vendors). These providers are bound by data processing agreements consistent with this Policy.
  • For legal reasons: We may disclose information if we believe in good faith that it is necessary to comply with a law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Cero Labs, users, or others.
  • Business transfers: In connection with a merger, acquisition, financing, or sale of all or part of our business, information may be transferred as part of that transaction.
  • With your consent: In any other case with your explicit consent.

6. Data Retention

We retain account information for as long as your account is active and for a reasonable period thereafter for legitimate business purposes (e.g., financial records, dispute resolution, legal obligations). Escalation content is retained to provide audit trails, resolution history, and service quality monitoring, typically for up to seven (7) years unless a shorter period is required by law or contract. You may request deletion of your account and associated data as described in Section 9.

7. Cookies and Tracking

We use strictly necessary cookies and similar technologies for authentication, session management, and preferences. We may use limited first-party analytics to understand aggregate usage patterns. We do not use cross-site advertising cookies. You can control cookies through your browser settings; disabling them may impact functionality.

8. Security

We implement technical and organizational safeguards designed to protect information, including encryption in transit (TLS), encrypted storage for credentials and API keys (SHA-256 hashing), role-based access controls, and audit logging. No security measures are perfect, and we do not guarantee absolute security. You are responsible for safeguarding your API keys, portal tokens, and credentials.

9. Your Rights and Choices

Depending on where you live, you may have rights including:

  • Access to the personal information we hold about you
  • Correction of inaccurate information
  • Deletion of your personal information (subject to certain exceptions)
  • Portability of your information in a structured, machine-readable format
  • Objection to or restriction of certain processing activities
  • Withdrawal of consent where processing is based on consent

To exercise these rights, contact us at privacy@cerolabs.ai. We will respond within the timeframe required by applicable law. We may need to verify your identity before responding.

10. International Users

Cero Labs is based in the United States. If you access the Services from outside the U.S., your information may be transferred to, stored in, and processed in the U.S. or other countries where our service providers operate. We use appropriate safeguards (including standard contractual clauses where applicable) for cross-border transfers.

11. Children

The Services are not directed to individuals under 18, and we do not knowingly collect personal information from children. If you believe a child has provided information to us, please contact privacy@cerolabs.ai so we can delete it.

12. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will post the updated Policy with a new effective date and notify account holders by email or in-product notice. Your continued use of the Services after an update constitutes acceptance of the updated Policy.

13. Contact Us

For privacy questions, data subject requests, or to report a concern, contact:
Cero Labs, Inc.
Email: privacy@cerolabs.ai
Support: contact@cerolabs.ai