ZeroPulse ("we", "our", or "us") is operated by EvolveTech LLC. This policy explains what information we collect when you use the ZeroPulse iOS app, how we use it, and how it is protected.
| Data | How collected | Where stored |
|---|---|---|
| Email address & display name | When you sign up with email, or sign in with Apple or Google | Firebase Authentication |
| Profile photo (optional) | When you tap the avatar picker in Settings and choose a photo from your library | Locally on your device only (iOS AppStorage) |
| Security findings & feed items | Fetched from public sources (NVD, CISA KEV, MSRC, RSS/Atom feeds) on your behalf | Locally on your device (SwiftData) |
| AI query content | Text you type in the Ask screen | Transmitted to our Cloud Function then to xAI; not stored |
| AI usage counter | Incremented automatically each time you submit a query | Firestore — userAiUsage/{uid} |
| Push notification token (APNs) | Generated by iOS after you grant notification permission (Pro plan only) | Firestore — users/{uid} |
| Organization membership | When you create or join a Team workspace | Firestore — organizations/{orgId} |
| Watched products & source preferences | Your selections in Settings | Locally on your device (UserDefaults / SwiftData) |
| Subscription status | Verified through Apple StoreKit 2 on each launch | Locally on your device; plan state in Firestore for team grants |
| Integration credentials (MCP) | API keys or tokens you enter when connecting a security tool | iOS Keychain only — never uploaded to ZeroPulse servers |
When you submit a question in the Ask screen, the following is transmitted to our Firebase Cloud Function (askGrok, hosted in us-central1) and then forwarded to the xAI Grok API:
What is NOT sent to xAI: your email address, password, payment details, photo library, location, APNs token, integration credentials, or any data unrelated to your query.
AI conversations are not stored permanently. The Cloud Function enforces per-user rate limits (10 queries/month on Free, 100/month on Pro/Team) and rejects requests that exceed the limit before any content is forwarded to xAI.
xAI: AI inference provider. See x.ai/legal/privacy-policy.
Push notifications are an optional Pro feature. If you enable them in Settings:
users/{uid}/apnsToken) so our backend can address notifications to your device.The APNs token does not identify you personally and cannot be used to track you across apps or websites.
ZeroPulse supports connecting your existing security tools (CrowdStrike, Snyk, Wiz, and 20+ others) via the Model Context Protocol (MCP). Credentials — API keys, bearer tokens, or OAuth access tokens — are stored exclusively in the iOS Keychain on your device. They are never uploaded to ZeroPulse servers.
When you query an integration, credentials are forwarded from your device directly to your self-hosted ZeroPulse Gateway, which communicates with the vendor on your behalf. Your Gateway runs on infrastructure you control. ZeroPulse does not have access to your Gateway or the responses it returns from your security tools.
For Team workspaces, integration configuration metadata (server name, endpoint URL, transport type — but not credentials) may be synced to Firestore so team members can see which integrations are enabled. Credentials remain on each user's device.
When you tap "Export PDF" in the Executive Summary screen, the report is generated entirely on your device using SwiftUI's ImageRenderer. No data is transmitted to ZeroPulse servers during or after PDF generation. The resulting file is shared via the standard iOS share sheet — where you send it is your choice.
ZeroPulse fetches vulnerability data from the following public APIs on your behalf:
These requests are made from your device directly to each public API. No personal information is included in these requests beyond what your device's network connection naturally reveals (IP address, standard HTTP headers).
ZeroPulse uses Firebase services for authentication, database, and cloud functions:
askGrok AI proxy function, enforcing rate limits server-side.See firebase.google.com/support/privacy and policies.google.com/privacy.
If you sign in with Google, Google Sign-In is handled by the GoogleSignIn SDK. See policies.google.com/privacy.
If you sign in with Apple, Apple handles authentication and may share a relay email address with us. See apple.com/legal/privacy.
Subscriptions (Pro Monthly, Pro Yearly, Team Monthly, Team Yearly) are managed entirely through Apple's in-app purchase system using StoreKit 2. We never receive your payment card details. Apple handles all billing and refunds. See apple.com/legal/privacy.
To restore a purchase on a new device, use the "Restore Purchases" option in Settings.
Security findings, feed items, source preferences, and watched products are stored locally on your device and are removed when you uninstall the app.
Data stored in Firestore (user profile, AI usage, APNs token, org membership) is retained until you delete your account. You can delete your account at any time in Settings → Delete Account — this triggers immediate deletion of all your Firestore records and revokes your Firebase Auth session.
You have the right to access, correct, erase, restrict processing of, and port your personal data. To exercise any right, email evolvetech86@gmail.com. We respond within 30 days. You may also lodge a complaint with your local data protection authority.
To delete all your data, use Settings → Delete Account in the app, or email us and we will delete it manually within 30 days.
ZeroPulse is a professional security tool intended for adults. It is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. Contact us immediately at evolvetech86@gmail.com if you believe a child has created an account.
We may update this policy as ZeroPulse evolves. Significant changes will be communicated through the app or by email to your registered address.
📧 Privacy enquiries: evolvetech86@gmail.com
🛟 General support: evolvetech86@gmail.com
🗑 Data deletion: evolvetech86@gmail.com — we respond within 30 days