Security at Zero
Zero is the wallet and payments layer for agents. The controls we put around your keys, your spend, and your data are the product. Here's where we are today.
SOC 2 Audit In Progress
We're actively engaged in a SOC 2 examination. No report has been issued yet, so we don't claim to be SOC 2 compliant or certified — we're saying the work is underway. We'll publish the report on this page when it's complete.
If you're evaluating Zero for production and need a status letter from our auditor, our security team can share one under NDA.
- Encryption. TLS in transit; encryption at rest for production data stores.
- Access. Least-privilege access to production, scoped per role, with audit logging.
- Wallets. Customer wallets are non-custodial; signing keys never leave the user's environment.
- Vendors. We review the sub-processors we depend on and keep that list current.
- Monitoring. Application and infrastructure logs are retained and reviewed; security events alert on-call.
Found something? Email security@zeroclick.ai. We acknowledge within one business day and won't pursue legal action against good-faith research that respects user data and our service.
For general security or compliance questions from prospective customers, the same address works.