Privacy Policy
Effective Date: February 27, 2026
This Privacy Policy describes how Zenofex LLC (“Zenofex,” “we,” “us,” or “our”) collects, uses, shares, and protects information in connection with your use of Fuzze.rs and related services (the “Service”). By using the Service, you agree to the collection and use of information in accordance with this Policy.
1. Data Controller
The data controller responsible for your personal information is:
Zenofex LLC
Privacy contact: [email protected]
2. Information We Collect
2.1 Information You Provide
- Account information: Name, email address, company name, job title, and other profile fields you provide during registration or in your account settings.
- Billing information: Billing contact name, email, and address. Payment card details are processed and stored by Stripe, Inc. and are never stored on our servers. We retain only the last four digits of your card number and card brand.
- Support communications: Messages, attachments, and metadata you submit through our support ticket system.
- User Content: Binaries, seed corpora, and other files you submit for fuzzing. See Section 4 for how we handle these.
2.2 Information Generated by Your Use
- Fuzzing job metadata: Job names, start/end times, status, and configuration parameters.
- Results and metrics: Crash counts, execution rates, coverage percentages, and crash report data generated during fuzzing jobs.
- API usage: API key usage logs, request timestamps, endpoints accessed, and response codes.
- Log data: Server-side logs including IP addresses, browser type, referring URL, and pages visited, retained for security and operational purposes.
2.3 Authentication Information
We use Google OAuth and email magic link authentication (via Resend). When you sign in with Google, we receive your name, email address, and profile photo from Google in accordance with the permissions you grant. We do not receive your Google password. Magic link authentication uses your email address only.
2.4 Cookies and Similar Technologies
We use session cookies necessary for authentication and to maintain your logged-in state. These are essential for the Service to function and cannot be disabled while using the Service. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
3. How We Handle Fuzzing Data (User Content)
We understand that your User Content — the binaries and code you submit for fuzzing — may be proprietary, sensitive, or subject to confidentiality obligations. We treat this data with the highest level of care:
- Your submitted binaries and seed corpora are used solely to execute fuzzing jobs on your behalf and are not analyzed, reverse-engineered, shared with third parties, or used to train any models.
- Fuzzing jobs are executed in isolated environments. We implement logical and physical isolation between customers' workloads.
- Crash reports and Results generated from your jobs are stored in association with your account and are accessible only to you and authorized Zenofex personnel for support purposes.
- Upon account termination, your User Content and Results are retained for up to 90 days to allow for export, after which they are permanently deleted from our systems.
4. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service;
- Process transactions and send billing-related communications;
- Authenticate users and maintain account security;
- Respond to support requests, questions, and other communications;
- Send important account notifications (e.g., subscription renewals, policy changes);
- Monitor and analyze usage patterns to improve the Service;
- Detect, investigate, and prevent fraudulent activity and security incidents;
- Comply with legal obligations and enforce our Terms of Service;
- Send optional product updates and newsletters, where you have consented to receive such communications (you may opt out at any time).
We do not sell your personal information to any third party, and we do not use your personal information for advertising purposes.
5. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:
- Contract performance: Processing necessary to provide the Service you have subscribed to (account information, billing, job execution).
- Legitimate interests: Security monitoring, fraud prevention, and Service improvement, where these interests are not overridden by your rights.
- Legal obligation: Compliance with applicable laws and valid legal process.
- Consent: Marketing communications, where you have provided explicit consent.
7. Data Retention
We retain your information for as long as necessary to provide the Service and as follows:
- Account information: Retained while your account is active and for up to 3 years after termination for legal and business purposes.
- Billing records: Retained for 7 years as required by applicable tax and financial regulations.
- Fuzzing job data and Results: Retained while your account is active and for up to 90 days after termination.
- Support tickets: Retained for 3 years following resolution.
- Security and access logs: Retained for up to 1 year for security investigation purposes.
You may request deletion of your personal data at any time (see Section 9). Deletion may be delayed where retention is required by law or legitimate business necessity.
8. Security
We implement technical and organizational security measures designed to protect your information against unauthorized access, disclosure, alteration, or destruction. These measures include:
- Encryption of data in transit using TLS;
- Encryption of sensitive data at rest (including API keys using AES-256-GCM);
- Access controls limiting personnel access to personal data on a need-to-know basis;
- Isolated execution environments for fuzzing workloads;
- Regular security assessments and monitoring.
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.
9. Your Rights and Choices
9.1 Access and Portability
You may access, review, and download your account information and fuzzing job data through your account dashboard at any time. You may request a copy of other personal data we hold about you by contacting us.
9.2 Correction
You may update or correct your account information directly in your account settings. If you need assistance correcting information you cannot access directly, contact us.
9.3 Deletion
You may request deletion of your account and associated personal data by contacting us at [email protected]. We will process deletion requests within 30 days, subject to applicable legal retention requirements.
9.4 Opt-Out of Marketing
You may opt out of marketing emails by clicking the unsubscribe link in any marketing email, or by contacting us. Transactional and account-related emails (e.g., billing notices, security alerts) are not subject to opt-out as they are necessary for the Service.
9.5 GDPR Rights (EEA/UK Users)
If you are in the EEA, UK, or Switzerland, you have additional rights under GDPR or UK GDPR, including the right to: object to processing; restrict processing; and lodge a complaint with your local supervisory authority. To exercise these rights, contact us at [email protected].
9.6 California Privacy Rights (CCPA)
California residents have the right to know what personal information we collect, the right to delete personal information, the right to opt-out of sale (we do not sell personal information), and the right to non-discrimination for exercising these rights. To submit a CCPA request, contact us at [email protected].
10. International Data Transfers
Zenofex is based in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.
For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on appropriate transfer mechanisms, including the EU-U.S. Data Privacy Framework (where applicable) or Standard Contractual Clauses approved by the European Commission. Contact us for more information about our transfer mechanisms.
11. Children's Privacy
The Service is not directed to, and we do not knowingly collect personal information from, individuals under the age of 18. If you become aware that a minor has provided us with personal information without parental consent, please contact us and we will take steps to delete such information.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will notify you by email or by posting a prominent notice on the Service, at least 14 days before the changes take effect. We encourage you to review this Policy periodically. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Zenofex LLC — Privacy Team
We aim to respond to all privacy-related inquiries within 30 days.