ZAICORESecurity
LoginGet protected
Legal

Privacy Policy

Last updated: May 2026. Plain-English summary: we never sell your data.

Who we are

Zaicore Software Solutions Inc. (“ZAICORE”, “we”, “us”) is a Canadian cybersecurity company. Our registered address is in Ontario, Canada. We operate under the Personal Information Protection and Electronic Documents Act (PIPEDA).

What we collect

Account data: email address, name, and billing information. Card payments are handled by Stripe — we never see your full card number.

Monitored data: email addresses and phone numbers you add for breach monitoring. Passwords you authorize for credential scanning are hashed locally on your device before transmission — we never see plaintext passwords.

Device data: if you install the ZAICORE device scanner, it submits scan results (findings, hardware fingerprint) to associate with your account. No personal files are transmitted — only metadata about threats found.

Inbox data (Email Guardian). If you connect an email inbox, we read incoming messages in real time to flag phishing, business-email compromise, and malicious attachments. Your inbox credentials are stored with per-user AES-256 envelope encryption. We do not store the full body of your emails — only a short excerpt of the messages our triage flags as suspicious or malicious, retained for 30 days and then deleted. We never train AI models on your email contents. You can disconnect at any time; disconnection cryptographically erases your stored credentials.

Usage data: standard server logs (IP address, request paths, timestamps). We retain logs for 30 days.

How we use your data

To deliver the ZAICORE service. To send breach alerts, weekly briefings, and security notifications you have opted into. To support your account when you contact us. To detect and prevent fraud or abuse of the service.

We do not sell, rent, or share your personal data with third parties for marketing purposes. Ever.

AI and automated processing

ZAICORE uses artificial-intelligence models to power its chat assistant, threat analysis, and remediation guidance. Requests are routed through a unified AI provider gateway that forwards to underlying model providers. Customer data shared with these providers is processed under contractual terms that prohibit use of your data for training general-purpose AI models. We never authorize third-party AI providers to train on your personal information. Aggregated, non-personal usage metrics may be exchanged for billing and reliability purposes only.

How we protect your data

In transit. All connections to ZAICORE use TLS 1.2 or better. Internal service-to-service traffic is restricted to private networks.

At rest. Sensitive fields stored in our production database — including device authentication tokens and any encrypted third-party credentials you authorize — are protected using AES-256 envelope encryption with per-user keys. Passwords are hashed with bcrypt at industry-standard cost factors. We never store plaintext passwords.

Access control. Access to production systems is restricted to ZAICORE personnel and enforced with multi-factor authentication, including phishing-resistant factors on critical systems. Administrative actions are logged.

Backups. Database backups are encrypted and access-controlled. Backups are retained only for the period required to support recovery.

Third-party services we use

To deliver the ZAICORE service we rely on a small set of vendors, each governed by their own privacy policy and bound by a written data-processing agreement with us:

  • Stripe — payment processing.
  • Railway — application hosting and managed database.
  • Cloudflare — content delivery and denial-of-service protection.
  • Resend — transactional email delivery (sign-in codes, alerts, receipts).
  • AI provider gateway — routes AI model requests on a no-training basis as described above.

We do not share your personal information with these vendors beyond what is required for them to perform the service we have contracted them for.

Cross-border data transfer

ZAICORE is incorporated in Canada, but several of our service providers operate primarily from the United States. By using ZAICORE, you acknowledge that your personal information may be processed, stored, or transferred outside Canada in connection with those services. We require all providers to maintain protections substantially equivalent to those required under PIPEDA.

Data retention

Your account data is retained while your account is active. On account deletion, all personal data is purged within 24 hours, with the exception of any records we are legally required to retain (such as billing records under Canadian tax law). Anonymized aggregate statistics, which cannot be linked back to you, may be retained indefinitely.

Your rights

Under PIPEDA, you have the right to access the personal information we hold about you, to correct it, and to request its deletion. You can exercise these rights from your account settings or by emailing zachary@zaicore.com. We respond to verified requests within 30 days. You may also file a complaint with the Office of the Privacy Commissioner of Canada at any time.

Security incident notification

In the event of a security incident that creates a real risk of significant harm to your personal information, we will notify you and the Office of the Privacy Commissioner of Canada in accordance with PIPEDA breach notification requirements. Notifications will describe the nature of the incident, the categories of data involved, the steps we are taking in response, and what you can do to protect yourself.

Children’s privacy

ZAICORE is intended for adults and is not directed at children. We do not knowingly collect personal information from anyone under the age of 16. If you believe a child has provided information to us, contact zachary@zaicore.com and we will delete it promptly.

Cookies

We use essential cookies for session management and authentication. We do not use third-party tracking cookies. See our Cookie Policy for details.

Changes to this policy

We will update this policy when our practices change. The “Last updated” date at the top reflects the current version. Material changes will be communicated by email or in-product notice before they take effect.

Contact

Privacy questions: zachary@zaicore.com