PlugZero LogoPlugZero
Log inGet Started

Privacy Policy

Last Updated: January 20, 2026

At PlugZero (a product of Plughathon Limited), we believe that your data belongs to you. This policy outlines our aggressive stance on data minimization, security, and your rights as a user.

1. Information We Collect

We collect only the information necessary to provide our services:

  • Account Information: Name, email address, and authentication credentials (hashed) required to maintain your account.
  • Research Data: Survey questions, responses, and analysis configurations you upload or generate. This data is encrypted at rest.
  • Usage Metadata: Anonymized metrics on feature usage, API calls, and performance data to help us improve the platform.

2. How We Use Your Data

We are not in the business of selling data. Your information is used strictly for:

  • Providing and maintaining the PlugZero Service.
  • Notifying you about changes to our Service.
  • Providing customer support and troubleshooting issues.
  • Monitoring the usage of our Service to detect and prevent technical issues.

We do not use your private market research data to train public AI models without your explicit, written consent.

3. Data Sharing & Third Parties

We do not sell, trade, or rent your personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners for statistical analysis.

We use trusted third-party service providers (subprocessors) to help us operate our business, such as:

  • AWS & Vercel: For cloud hosting and infrastructure.
  • Stripe: For payment processing (we do not store full credit card details).
  • PostHog: For product analytics (anonymized).

4. Security & Compliance

The security of your data is paramount. We implement enterprise-grade security controls:

  • SOC2 Type II: We are fully compliant and audited annually.
  • Encryption: Data is encrypted in transit (TLS 1.3) and at rest (AES-256).
  • Access Control: Strict role-based access control (RBAC) and MFA enforcement for internal administrative access.

5. Your Data Rights

Regardless of your location, we extend GDPR-standard rights to all users:

  • Right to Access: You can request a copy of all data we hold about you.
  • Right to Erasure ("Right to be Forgotten"): You can request complete deletion of your account and all associated data.
  • Right to Rectification: You can update incomplete or incorrect data via your account settings.

6. Contact Us

If you have any questions about this Privacy Policy, please contact our Data Protection Officer (DPO) at:

privacy@plugzero.com

Need to execute a DPA?

Request our Data Processing Agreement