Privacy Policy
Last updated: March 2026
This policy explains what data Entropy0 (“we”, “us”, “our”) collects when you use our domain intelligence platform, why we collect it, and what rights you have over it. Entropy0 is operated by [Company Name], incorporated in [Jurisdiction].
1. Data we collect
Account data
When you register, we collect your email address. This is stored in our authentication system (Supabase Auth) and used to identify your account, send transactional emails (e.g. password reset), and associate your scan history and billing records with you.
Scan data
When you run a domain scan, we store the input domain, the timestamp, and the computed score outputs (Trust, Threat, Deviation scores and their constituent signals). This data is tied to your user account and is not shared with other users or used to train models. You can export or delete your scan history at any time.
Payment data
Payments are handled by Stripe. We never receive or store raw card numbers, CVVs, or expiry dates. We store your Stripe customer ID and subscription ID in our database to manage billing state. Stripe’s own privacy policy governs how card data is handled.
API keys
API keys you create are stored in hashed form. The full plaintext key is shown only once at creation. We log API key usage (request count, last-used timestamp) for quota enforcement.
Usage logs
We collect server-side request logs (endpoint, timestamp, response code) for reliability monitoring and abuse detection. These logs are retained for 30 days and are not sold or shared.
2. Why we collect it
We process your data on the following legal bases:
- —Contract performance — to provide the scanning service you signed up for, enforce plan quotas, and process billing.
- —Legitimate interests — to detect abuse, prevent quota circumvention, and improve service reliability.
- —Legal obligation — to retain billing records as required by applicable tax and financial regulations.
3. Data retention
- —Scan history is retained while your account is active and for 30 days after account deletion.
- —Payment and billing records are retained for 7 years to comply with financial regulations.
- —Server logs are retained for 30 days.
- —API key records are deleted immediately upon revocation.
4. Sub-processors
We use the following third-party services to operate Entropy0:
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Database and authentication | EU / US |
| Stripe | Payment processing | US |
| Vercel | Application hosting | US / EU |
5. Your rights
Depending on your jurisdiction (including GDPR for EEA residents and CCPA for California residents), you may have the right to:
- —Access — request a copy of the personal data we hold about you.
- —Portability — export your scan history via the History page or the CSV export feature.
- —Correction — update your email address via your account settings.
- —Deletion — request deletion of your account and associated scan data. Billing records subject to legal retention periods are excluded.
- —Objection — object to processing based on legitimate interests.
To exercise any of these rights, email beta@entropy0.ai with the subject “Privacy Request”. We will respond within 30 days.
6. Cookies
We use a single session cookie for authentication (set by Supabase Auth). We do not use advertising cookies, third-party tracking pixels, or analytics that identify individual users across sites.
7. Changes to this policy
We will post any material changes to this page and update the “Last updated” date. Continued use of the service after changes take effect constitutes acceptance of the revised policy.
8. Contact
Questions about this policy: beta@entropy0.ai