Privacy Policy

The data controller is Over Holding Srl, with registered office at Viale Tricesimo n.200, 33100 Udine, Italy, VAT IT02945890305 (hereinafter "Zero Hunt", "we", "us").

For any privacy-related inquiries, you may contact our Data Protection Officer at: dpo(at)zerohunt.ai

We process personal data only when we have a lawful basis to do so:

• Consent (Art. 6(1)(a)): when you voluntarily contact us via email or submit a demo request.
• Legitimate interest (Art. 6(1)(f)): for minimal anonymized analytics ensuring site security.
• Contractual necessity (Art. 6(1)(b)): when you enter into a commercial relationship with us.

• Contact information: name, email, company name, job title.
• Technical data: anonymized IP, browser, OS, referral and page visited via Cloudflare Web Analytics (no cookies).
• Communication data: contents of the messages you send us.

Zero Hunt is an autonomous AI cybersecurity platform. In compliance with Regulation (EU) 2024/1689 we disclose:

• Classification: the pentesting engine is a high-risk AI system under Annex III.
• Human oversight: always under human-in-the-loop supervision with kill-switch.
• Data processing: only on customer's on-premise infrastructure; no external transmission.
• Training data: public vuln databases and synthetic environments — no customer data used for training.
• Risk management: in line with Art. 9 AI Act (monitoring, bias, robustness).

• Contact inquiries: 12 months from last interaction.
• Contractual data: contract duration + 10 years (Italian fiscal regulations).
• Analytics: anonymized and aggregated, no individual-level data retained.

We do not sell, trade or rent personal data. Recipients are limited to:

• Hosting: Cloudflare, Inc. (USA) under the EU-US Data Privacy Framework.
• Email: self-hosted EU mail server.
• Analytics: Google LLC / Google Ireland Limited (Google Analytics 4). IP addresses are anonymised before processing; advertising and personalisation signals are disabled. Analytics is enabled by default for usage measurement under GDPR Art. 6(1)(f) legitimate interest, and you can opt out at any time via the cookie banner. Transfers to Google US rely on the EU-US Data Privacy Framework and Standard Contractual Clauses.

Any transfer outside the EEA uses SCCs or adequacy decisions as required by Chapter V GDPR.

This website uses two categories of cookies and similar storage:

• Strictly necessary: Cloudflare Web Analytics (no cookies, no fingerprinting) and a single localStorage entry (zh_consent) that remembers your cookie-banner choice. Loaded without consent under GDPR Art. 6(1)(f).
• Analytics (active by default, opt-out via banner): Google Analytics 4 sets _ga and _ga_* cookies (2-year retention) when you visit. IP addresses are anonymised; advertising and personalisation buckets are denied. Click "Decline" on the cookie banner to disable analytics — the choice is persisted in zh_consent and respected on every subsequent visit.

You can change your decision at any time by clearing the zh_consent entry in your browser's site storage; the banner will re-appear on the next visit and you may decline again.

• Access (Art. 15) · Rectification (Art. 16) · Erasure (Art. 17)
• Restriction (Art. 18) · Portability (Art. 20) · Objection (Art. 21)
• Withdrawal of consent at any time.

Contact dpo(at)zerohunt.ai — we reply within 30 days as required.

You can lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali):

Piazza Venezia, 11 — 00187 Roma, Italy
www.garanteprivacy.it

We may update this policy. Material changes will be flagged via the "Last updated" date.