Zerantiq - AI Security Contests

How Zerantiq handles data.

Zerantiq is a dual-purpose security and code review platform for external audit contests and controlled internal reviews. This policy explains how we collect, use, and secure information when you submit projects, invite researchers, or enable internal departments to review code.

Applies to contests + internal reviewLast updated: 2025

Data we handle

What we collect

Account + contact details. Names, emails, role data, and authentication signals used to create accounts, route notifications, and verify researchers.
Identity verification data. Information you or researchers provide to complete KYC through KYCAID so we can confirm eligibility and maintain platform safety.
Project + workspace metadata. Organization name, project titles, contest settings, scope definitions, access rules, and audit timelines.
Code and audit artifacts. Source code, configuration files, test data, vulnerability reports, attachments, and remediation notes that you upload or share for review.
Product usage and security logs. Event logs, device/browser data, access approvals, consent trails, and feature telemetry to protect the platform and improve coverage.

Purpose

How we use data

Deliver audits quickly. Match projects with vetted researchers, orchestrate contest operations, and surface findings with clear ownership and SLAs.
Enable controlled internal review. Generate scoped, time-bound access for internal teams, log every action, and revoke access automatically when reviews close.
Verify and sign. Run KYC checks for researchers via KYCAID and route NDAs for e-signature via SignatureAPI when contests or enterprise gates require it.
Support you. Send product updates, security notifications, and support responses tied to your workspace preferences.
Improve quality. Analyze de-identified trends to strengthen detection, scoring, and coverage for AI-assisted codebases; we do not sell personal data.

Access + sharing

Who sees your data

Your authorized teams. Admins control which internal departments or reviewers can access specific projects, along with roles, scopes, and expirations.
Contest researchers. Only researchers you approve for a contest receive the artifacts they need; they are bound by confidentiality and platform rules.
Service providers. Hosting, analytics, security tooling, and payment processors that help us operate the platform under strict contractual controls. This includes KYCAID (identity verification) and SignatureAPI (NDA execution) when those steps are enabled.
Legal/safety. We may disclose data to comply with law, prevent fraud or abuse, or protect the rights and safety of users and the platform.

Protection

Security, retention, and choices

Security controls. Encryption in transit and at rest, environment isolation, scoped tokens, device verification for researchers, and continuous monitoring.
Time-boxed access. Contest and internal review access expires automatically; logs and findings remain for auditability unless you request removal.
Retention. We store project artifacts for as long as your workspace requires them for remediation, reporting, or compliance, then delete or archive them safely.
Your rights. Request access, correction, export, or deletion by emailing office@zerantiq.com. We honor applicable privacy laws where you operate.

Contact

Questions about privacy or data processing? Reach our team at office@zerantiq.com or your Zerantiq account lead.

Governance

We align our controls with modern AI security and compliance baselines, and we will update this policy as we ship new features or when regulations change.