Zero to Hundred
Back to Home

Privacy Policy

Last updated

This Privacy Policy describes how Zero to Hundred, Inc. (“Zero to Hundred,” “we,” “us,” or “our”) collects, uses, and shares personal information when you visit our websites or use the Zero to Hundred marketplace (collectively, the “Platform”). It applies alongside our Terms of Use.

1. Information we collect

We collect information you provide, information we receive automatically when you use the Platform, and information from third parties (such as identity verification providers).

Information you provide

  • Account. When you create an account via Clerk, we receive your name, email, and OAuth-linked profile data (e.g., from GitHub or LinkedIn).
  • Identity verification. Builders who receive payouts and Buyers transacting above the escrow threshold complete KYC through Stripe Connect, which may include legal name, date of birth, address, tax ID, and government-issued ID.
  • Listing and disclosure content. Information you submit as a Builder — listing details, demo videos, walkthroughs, test environment credentials, and source code shared during a Transaction.
  • Communications. Messages you send to other users on the Platform, support requests, and feedback.
  • Payment instruments. Card and bank details are submitted directly to Stripe Connect and are not stored on our servers; we receive only summary information (e.g., last four digits, network).

Information we collect automatically

  • Device and log data. IP address, browser, operating system, referrer, and pages viewed. Used for security, fraud prevention, and operating the Platform.
  • Usage events. Listing views, saves, searches, and other interactions used to improve the marketplace.
  • Cookies and similar technologies. Used for authentication, session continuity, preferences, and (where applicable) analytics.

Information from third parties

We receive information from our subprocessors (see §4) in the course of providing the Platform — for example, authentication results from Clerk, KYC and payment status from Stripe Connect, and email-delivery events from our email provider.

2. How we use information

  • Operate the Platform — authenticate you, run Transactions, hold escrow, release source code, run disputes, send notifications, and pay out Builders.
  • Verify identity and prevent fraud, abuse, and money-laundering, including by sharing information with Stripe Connect for KYC.
  • Improve the Platform — measure feature usage, diagnose problems, and inform product decisions.
  • Communicate with you — transactional notifications (e.g., a Buyer accepted your offer), service updates, and (where you've opted in) marketing.
  • Comply with legal obligations and enforce our Terms of Use.

3. Legal bases (if you're in the EEA / UK)

Where the GDPR applies, we process personal information on the following bases: (a) contract — to provide the Platform and complete Transactions; (b) legitimate interests — to keep the Platform secure, prevent fraud, and improve the product, weighed against your rights; (c) legal obligation — to meet KYC, tax, and other regulatory requirements; and (d) consent — for optional communications and any analytics that require it.

4. Sharing & subprocessors

We share personal information with the following service providers (subprocessors), each acting on our behalf to operate the Platform:

  • Clerk. Account authentication and identity verification.
  • Stripe (incl. Stripe Connect). Payments, escrow, payouts, and KYC for Builders.
  • Supabase. Primary application database (PostgreSQL).
  • Vercel. Application hosting, scheduled jobs (cron), and cookieless web traffic and performance analytics.
  • PostHog. Product analytics (usage events and conversion funnels).
  • Google Analytics. Web and acquisition analytics.
  • Upstash. Redis-backed rate limiting and caches.
  • Resend. Transactional and lifecycle email.

We may also share information (a) with other users as required to complete a Transaction (e.g., a Buyer's identity may be visible to the Builder once a deal begins); (b) with professional advisors, auditors, and insurers; (c) in connection with a merger, acquisition, or sale of assets; and (d) when required by law, regulation, or valid legal process.

We do not sell personal information for monetary consideration. Where “sale” or “sharing” is defined more broadly under state law (e.g., for cross-context behavioral advertising), we describe how to opt out in §7 below.

5. International transfers

The Platform is operated from the United States. If you access the Platform from another jurisdiction, your information will be transferred to and processed in the United States and any other regions where our subprocessors operate. Where required, transfers from the EEA, UK, or Switzerland rely on Standard Contractual Clauses or other approved mechanisms.

6. Data retention

We retain personal information for as long as your account is active, plus the period needed to: complete open Transactions, resolve disputes, meet tax and regulatory record-keeping requirements (which may require retaining Transaction records for several years), and enforce our agreements.

When you request deletion, we apply a 30-day grace period to allow recovery and chargeback resolution, then hard-delete or de-identify data that is not subject to a legal hold or retention obligation.

7. Your rights

Depending on where you live, you may have rights to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Delete your information, subject to legal retention obligations.
  • Port your information to another service.
  • Object to or restrict certain processing, including processing based on legitimate interests.
  • Withdraw consent where we rely on consent (this won't affect lawful processing before withdrawal).
  • Opt out of any “sale” or “sharing” of personal information as those terms are defined under applicable state law.
  • Lodge a complaint with a supervisory authority.

To exercise these rights, email privacy@zerotohundred.ai. We may need to verify your identity before acting on a request. We will not discriminate against you for exercising any privacy right.

8. Cookies & tracking

We use cookies and similar technologies to keep you signed in, remember preferences, secure the Platform, and (where applicable) measure usage. You can control cookies through your browser settings; blocking some cookies may break parts of the Platform such as authentication.

9. Security

We use a layered approach: encryption in transit (HTTPS), encryption at rest for sensitive fields like test-environment credentials, identity verification provided by Clerk, payment information handled directly by Stripe Connect, secret comparisons that resist timing attacks, rate limits on costly endpoints, and ongoing security review. No system is perfectly secure; we will notify you of any breach affecting your information as required by law.

10. Children

The Platform is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with information, contact us so we can delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time as the Platform evolves. The “Last updated” date at the top of this page shows when the document last changed. Material changes will be communicated by a reasonable means (such as a notice in-product or by email).

12. Contact

Privacy questions and requests can be submitted through our Contact page. For account or transaction help, use our Support page so it routes to on-call.

Zero cost. Zero risk.

Hundreds of reasons to list.

Zero to Hundred

The marketplace where shipped becomes sold.

Get product news from Zero to Hundred

© 2026 Zero to Hundred. All rights reserved.