Privacy Notice
Last Updated: January 26, 2026
This Privacy Notice describes how ZeroDay-Scanner and its affiliates (collectively "ZeroDay", "we", "us", or "our") collect, use, and share information in connection with your use of our websites, services, and applications (collectively, the "Services"). By using the Services, you agree to the collection and use of information in accordance with this policy.
1. Introduction and Scope
ZeroDay-Scanner is committed to protecting the privacy and security of your data. This comprehensive Privacy Policy outlines our practices regarding the collection, use, processing, and disclosure of information that you may provide via this website and our malware scanning infrastructure. We recognize that in the cybersecurity domain, trust is paramount. As such, we have adopted rigorous data protection standards aligned with global best practices to ensure transparency in our operations.
This policy applies to all users, visitors, and authorized personnel accessing the ZeroDay-Scanner platform, including but not limited to our file analysis engines, hash lookup APIs, heuristic scanning modules, and reporting dashboards. Whether you are a casual visitor, a registered developer, or an enterprise client utilizing our API endpoints, this policy governs our relationship with your data.
Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the site, upload files for analysis, or use any of our services. Your continued use of the ZeroDay-Scanner platform constitutes your explicit consent to the terms described herein.
2. Definitions and Interpretation
To ensure clarity and avoid ambiguity, the following definitions apply throughout this document:
- "Personal Data" refers to any information relating to an identified or identifiable natural person, including but not limited to names, email addresses, IP addresses, and digital identifiers.
- "Malware Sample" refers to any file, binary, script, or code snippet uploaded by the User to the Service for the purpose of security analysis, static analysis, or dynamic sandboxing.
- "Metadata" refers to technical data extracted from Malware Samples, including but not limited to PE headers, file hashes (MD5, SHA-1, SHA-256), compilation timestamps, and debug information.
- "Service" encompasses the ZeroDay-Scanner website, API, background workers, database infrastructure, and related software solutions provided by us.
- "Usage Data" refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit or API latency logs).
The headings used in this agreement are included for convenience only and will not limit or otherwise affect these terms.
3. Information We Collect
We collect several different types of information for various purposes to provide and improve our Service to you. The nature of a malware scanning service requires the collection of potentially sensitive technical data. We categorize data collection into the following streams:
3.1. Personal Data Provided by You
While using our Service, specifically when registering for an API key or contacting support, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. This includes:
- Email address (for authentication and API key management).
- First name and last name (for account personalization).
- Billing address and payment details (if utilizing premium/enterprise tiers).
- Professional affiliation or organization name (for enterprise accounts).
3.2. Uploaded Files and Security Artifacts
The core function of ZeroDay-Scanner involves the analysis of user-submitted files. When you upload a file for scanning, you acknowledge and agree that:
- File Content: We store the binary content of the file you upload. This is necessary to perform static and dynamic analysis, signature matching, and heuristic evaluation.
- Metadata Extraction: Our systems automatically extract metadata from uploaded files. This may include embedded strings, author names in document properties, path names in debug symbols, and other artifacts inherent to the file structure. You are responsible for scrubbing sensitive personal information from files before upload.
- Public Availability of Hashes: While we prioritize security, the cryptographic hash (SHA-256) of your uploaded file may be queried by other users to check if the file has been previously analyzed. This is a standard industry practice to improve scanning efficiency.
3.3. Technical Usage Data & Telemetry
We may also collect information on how the Service is accessed and used ("Usage Data"). This Usage Data is critical for maintaining the integrity of our API and preventing abuse (e.g., DDoS attacks or quota circumvention). This data may include:
- Internet Protocol (IP) Address: We log the IP address of the client making the request for security auditing and geographical load balancing.
- Browser Type and Version: To optimize our frontend rendering (HTML/CSS/JS) compatibility.
- Time and Date of Visit: Timestamped logs of when files were uploaded or APIs were queried.
- Device Fingerprinting: Technical characteristics of your device to prevent fraud and multiple account abuse.
- Referrer Headers: Information about the source that directed you to our Service.
4. Use of Information
ZeroDay-Scanner uses the collected data for various specific purposes. We are transparent about our processing activities to ensure you understand how your data drives the ecosystem of cyber threat intelligence.
4.1. Service Provision and Maintenance
The primary use of your data is to facilitate the core functionality of the Service. This includes:
- Analysis Execution: Processing uploaded files through our heuristic engines, static analyzers, and YARA rule sets to identify malicious patterns.
- Result Delivery: Generating and displaying comprehensive reports regarding the safety status of submitted files.
- Infrastructure Management: Monitoring usage patterns to scale our server resources (CPU, RAM, Storage) dynamically to meet demand without service interruption.
4.2. Improvement of Threat Intelligence
By submitting files to ZeroDay-Scanner, you contribute to a global repository of threat data. We use aggregated data to:
- Refine Heuristics: We analyze false positives and false negatives to retrain our detection algorithms, improving accuracy for all users.
- Trend Analysis: We identify emerging malware families, ransomware variants, and zero-day exploit techniques by analyzing the collective stream of uploads.
- Signature Generation: We create new cryptographic signatures for previously unseen malware to protect the wider community.
4.3. Communication and Support
We use your contact information to:
- Transactional Notifications: Send you critical alerts regarding your account status, API limit warnings, or changes to our Terms of Service.
- Customer Support: Respond to your technical inquiries, troubleshoot API integration issues, and resolve billing disputes.
- Product Updates: With your consent, we may send newsletters regarding new features, such as new file type support or enhanced API capabilities. You may opt-out of marketing communications at any time.
4.4. Security and Abuse Prevention
We strictly utilize Usage Data and IP logs to:
- Detect Anomalies: Identify unusual traffic patterns indicative of botnets, scraping, or denial-of-service attacks.
- Enforce Rate Limiting: Ensure fair usage of our API resources by tracking request volume per user/IP.
- Prevent Malicious Uploads: While we scan for malware, we also monitor for illegal content (e.g., CSAM) or content that violates our Terms of Use, and take appropriate action including reporting to authorities.
5. Disclosure and Sharing of Data
We do not sell your personal data to third parties. However, due to the collaborative nature of cybersecurity, specific data points may be shared under strict conditions.
5.1. Cyber Security Community and Partners
To foster a safer internet, we may share non-personally identifiable threat intelligence (such as file hashes, malware family names, and extracted Indicators of Compromise - IoCs) with:
- Security Researchers: Trusted academic and independent researchers working on malware analysis.
- Anti-Virus Vendors: Partnered security companies to help them update their definitions and protect their user bases.
- Threat Intelligence Feeds: Aggregated feeds that help organizations block malicious traffic at the network level.
Note: We do NOT share your IP address or email address with these partners unless explicitly authorized by you or required by law.
5.2. Service Providers
We employ third-party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services, or to assist us in analyzing how our Service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. Examples include:
- Cloud Hosting Providers: We utilize enterprise-grade cloud infrastructure (e.g., AWS, Google Cloud, Azure) to host our servers and databases.
- Payment Processors: We use compliant payment gateways (e.g., Stripe, PayPal) to process payments. We do not store your full credit card information on our servers.
- Email Delivery Services: Third-party SMTP providers used to ensure reliable delivery of system emails.
5.3. Legal Requirements
ZeroDay-Scanner may disclose your Personal Data in the good faith belief that such action is necessary to:
- To comply with a legal obligation (e.g., a subpoena or court order).
- To protect and defend the rights or property of ZeroDay-Scanner.
- To prevent or investigate possible wrongdoing in connection with the Service.
- To protect the personal safety of users of the Service or the public.
- To protect against legal liability.
6. Data Security and Encryption
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
6.1. Technical Measures
We implement a defense-in-depth strategy including:
- Encryption in Transit: All data transmitted between your client (browser/API) and our servers is encrypted using TLS 1.2 or higher (Transport Layer Security).
- Encryption at Rest: Sensitive database fields and stored file artifacts are encrypted using AES-256 standards.
- Access Controls: Access to production servers is strictly limited to authorized engineering personnel via VPN and Multi-Factor Authentication (MFA).
- Regular Audits: We perform automated vulnerability scanning and periodic code reviews to identify and patch security flaws.
6.2. Sandbox Isolation
Uploaded files are executed in isolated, ephemeral virtual machine (VM) environments ("Sandboxes"). These environments are reset after every analysis session. This ensures that any malware detonated during analysis cannot escape the environment or infect our core infrastructure. This isolation also serves as a privacy measure, ensuring no cross-contamination of data between different user submissions.
7. Data Retention Policy
We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
7.1. File Retention
Uploaded malware samples are retained in our repository indefinitely to serve as a historical archive for the security community. However, you may request the deletion of a file if you can prove ownership and demonstrate that the file contains sensitive personal data that was inadvertently uploaded.
7.2. Log Retention
Server access logs and API usage logs are generally retained for a period of 90 days for security auditing purposes, after which they are either deleted or anonymized for long-term statistical analysis.
```
8. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.
8.1. Types of Cookies We Use
- Session Cookies: We use Session Cookies to operate our Service. These expire once you close your web browser.
- Preference Cookies: We use Preference Cookies to remember your preferences and various settings (e.g., your preferred language or API response format).
- Security Cookies: We use Security Cookies for security purposes, such as identifying trusted web sessions and preventing Cross-Site Request Forgery (CSRF).
- Analytics Cookies: We may use third-party analytics tools (such as Google Analytics) to help us understand traffic patterns. These services collect data anonymously.
8.2. Your Choices
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service. Specifically, the API dashboard and account management sections require session cookies to maintain your login state.
9. International Transfer of Data
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside the United States or the European Union and choose to provide information to us, please note that we transfer the data, including Personal Data, to secure cloud regions (including but not limited to AWS US-East and EU-Central) and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
ZeroDay-Scanner will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information. We utilize Standard Contractual Clauses (SCCs) where applicable for data transfers.
10. Children's Privacy
Our Service does not address anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children have provided us with Personal Data, please contact us.
If we become aware that we have collected Personal Data from children without verification of parental consent, we take immediate steps to remove that information from our servers. The nature of malware analysis is inherently technical and not suitable for minors.
11. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We may also notify you via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Continued use of the Service after any changes implies acceptance of the new terms.
If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this website, please contact our Data Protection Officer (DPO) or the support team:
By Email:zeroday4service@gmail.com
By Support Ticket: Visit Support Center
By Mail:
ZeroDay-Scanner Legal Dept.
© 2026 ZeroDay-Scanner. All rights reserved.
Disclaimer: This document is for informational purposes only and does not constitute legal advice.