CTI Zero
Legal document

Privacy Policy

Last updated: June 19, 2026

This Privacy Policy explains how Agentic Labs LLC ("we", "us") processes personal data in connection with our website and the CTI Zero threat intelligence platform (the "Service"). For processing carried out on behalf of business customers, the Data Processing Addendum also applies.

1. Data we process

Account data

  • Name, work email, organisation, role.
  • Authentication identifiers (hashed passwords, OAuth identifiers).
  • Subscription, billing and invoicing data handled by our payment processor.

Usage data

  • Watchlist keywords, saved searches, API tokens, webhook configurations.
  • Product telemetry: pages viewed, features used, error logs, IP address, user agent.

Intelligence content

  • Public threat intelligence ingested from third-party feeds. This may incidentally include personal data appearing in public advisories or breach notices.

2. Legal bases (EEA/UK)

  • Contract — to provide and bill the Service.
  • Legitimate interests — to secure the Service, prevent abuse, improve features.
  • Consent — for non-essential cookies and optional marketing.
  • Legal obligation — to comply with applicable law.

3. How we use data

  • Operate, secure and improve the Service.
  • Authenticate users and enforce access controls.
  • Process payments and provide invoices.
  • Send service notices and, with consent, product updates.
  • Investigate suspected abuse, fraud or security incidents.

4. Sharing

We share data only with vetted subprocessors that support the Service (hosting, databases, payments, email, analytics). See the current list at Subprocessors. We do not sell personal data and do not share it for cross-context behavioural advertising.

5. International transfers

Where personal data is transferred outside the EEA/UK, we rely on EU Standard Contractual Clauses, the UK Addendum or equivalent safeguards, and assess each transfer for additional measures where appropriate.

6. Retention

  • Account data: for the life of the account plus a short archival period.
  • Billing records: as required by applicable tax and accounting law.
  • Audit logs: typically up to 12 months, longer where required for security.
  • Customer-configured intelligence data: per the retention of your plan.

7. Security

TLS in transit, encryption at rest for managed databases and storage, role-based access, audit logging, least-privilege administrative access, and regular review of access. No system is perfectly secure; we encourage responsible disclosure to security@ctizero.com.

8. Your rights

Depending on your location, you may have rights to access, correct, delete, port, object to or restrict processing of your personal data, and to withdraw consent. Contact privacy@ctizero.com. You may also lodge a complaint with your local data protection authority.

9. Cookies

We use strictly necessary cookies to operate the Service (session, security, load-balancing). Non-essential cookies, if any, are loaded only with consent.

10. Children

The Service is not directed to children under 16 and we do not knowingly collect their data.

11. Changes

We will post updates here and, for material changes, notify account administrators by email.

12. Contact

Data controller: Agentic Labs LLC. Privacy contact: privacy@ctizero.com.