Privacy Policy

When you submit text, a URL, or a file to NULLO for scanning, that content is loaded into an isolated, in-memory compute environment. Our AI engine analyzes it, a report is generated, and the content is discarded. Nothing you submit is written to a database, a log file, an object store, or any other persistent medium.

We do not sell your data. We do not share your submitted content with third parties for advertising purposes. We do not use your submissions to train or fine-tune any AI model.

Operational metadata: When you run a scan, our servers log the minimum information needed to operate the service reliably. This includes the timestamp of the request, the input type (text, URL, or file), the byte size of the input, and the duration of the scan. Your submitted content is not part of this log.

Analytics: We may use privacy-respecting analytics tools to understand aggregate usage patterns, such as which pages are visited and how the product is used. These tools do not receive your submitted scan content.

Wallet connection: NULLO uses a crypto wallet sign-in flow for optional account features. If you connect a wallet, we store only your public wallet address. We do not store private keys, seed phrases, or any data you have not explicitly provided.

Cookies and local storage: See the Cookie Policy for a full description of what we store in your browser.

NULLO routes submitted content through our AI engine for analysis. This engine runs on third-party cloud infrastructure operating under data processing agreements that prohibit the provider from accessing, retaining, or using your content for any purpose beyond processing your request.

Your content is not retained by infrastructure providers after the scan completes. We refer to the AI engine generically in this policy; we do not make guarantees about specific model behavior beyond what is described here.

Operational metadata is used to monitor service reliability, diagnose errors, and measure performance. It is not used to build profiles of individual users.

Aggregate, anonymized usage statistics may be used to improve the product and inform decisions about which features to build next.

We do not sell or rent your data to any third party.

We may share operational metadata with cloud infrastructure and monitoring vendors strictly for the purpose of running the service. These vendors are contractually prohibited from using this data for their own purposes.

We may disclose data if required by law, court order, or a valid legal process. In such cases, we will disclose only the minimum required and, where legally permitted, notify you in advance.

Because we do not store your submitted scan content, there is typically no personal data for us to access, correct, or delete in connection with a scan. If you have connected a wallet, you may request deletion of your public wallet address by contacting us.

Depending on your jurisdiction, you may have rights under applicable privacy law (such as GDPR or CCPA) including the right to access, correct, or delete personal data we hold. Contact us at the address below to exercise these rights.

Submitted scan content: not retained after the scan completes.

Operational metadata (timestamp, input type, byte count, duration): retained for up to 90 days for operational and diagnostic purposes, then deleted.

Wallet addresses (if connected): retained until you request deletion.

All traffic between your browser and NULLO infrastructure is encrypted using TLS 1.3. We enforce HTTPS for all endpoints. Infrastructure access is restricted to authorized personnel only.

Despite these measures, no system is perfectly secure. If you believe you have discovered a security issue, please report it to the contact address below.

We may update this policy from time to time. When we do, we will update the 'Last updated' date at the top of this page. If changes are material, we will provide additional notice where practical. Continued use of NULLO after changes take effect constitutes acceptance of the updated policy.

For privacy-related questions or to exercise your data rights, contact us at: hello@nullo.io

For security disclosures: security@nullo.io

Governing law: [PLACEHOLDER - jurisdiction to be confirmed upon company registration].