Security
Last updated: March 5, 2026
TLS 1.3 Encryption
All data in transit is encrypted using TLS 1.3.
On-Device Audio
Audio is processed locally — never uploaded to our servers.
Ghost Mode
Overlay is invisible to screen capture at the OS rendering level.
Infrastructure Security
- All web traffic is served over HTTPS with HTTP Strict Transport Security (HSTS).
- Backend servers are hosted on SOC 2 Type II certified cloud infrastructure.
- Database access is restricted to internal services only, with no public endpoints.
- We run regular automated vulnerability scanning and dependency audits.
- Access controls and least-privilege principles are applied to all internal systems.
Desktop App Security
- The ZeroTraceAI app is code-signed on both macOS and Windows to prevent tampering.
- Ghost Mode overlay operates at the OS composition layer — invisible to any screen capture or recording tool without requiring special permissions.
- Audio capture uses your system microphone only while the session is active. No background recording occurs.
- All session tokens are stored in encrypted local storage and are invalidated on logout.
Payment Security
ZeroTraceAI does not store credit card or UPI details. All payments are handled by PCI-DSS compliant payment processors (Razorpay). We only receive a transaction confirmation token.
Responsible Disclosure
If you discover a security vulnerability in ZeroTraceAI, please report it responsibly to security@zerotrace.ai. We will acknowledge your report within 48 hours and work to resolve confirmed issues promptly. We do not take legal action against researchers who follow responsible disclosure guidelines.
Security Updates
We release security patches as part of our regular update cycle. Critical vulnerabilities are patched immediately. Ensure you always run the latest version of the ZeroTraceAI desktop app to receive all security fixes.
Contact
Security concerns: security@zerotrace.ai