// Legal
Privacy
Policy
Last updated: April 2026 · Effective date: April 2026
Zero Day Digest is operated by Modulus Cybersecurity. We take your privacy seriously. This policy explains what data we collect, how we use it, and your rights. We do not sell your data to third parties.
Who We Are
Zero Day Digest is a cybersecurity intelligence newsletter service operated by Modulus Cybersecurity ("we", "us", "our"). We provide real-time vulnerability intelligence and cybersecurity news via a subscription-based platform accessible at zerodaydigest.io.
For any privacy-related enquiries, contact us at: hello@zerodaydigest.net
Data We Collect
We collect the minimum data necessary to provide our service:
- Account information — your name, email address, and a hashed (encrypted) password when you subscribe
- Billing information — payment is processed entirely by Stripe. We store only a Stripe customer ID and subscription ID. We never see or store your full card number, CVV, or billing address
- Preferences — your timezone, digest format preferences, and category subscriptions
- Usage data — whether emails were opened or clicked, to help us improve delivery
- Contact enquiries — name, email, and message if you contact us via the contact form
- Server logs — standard web server logs including IP address and browser type, retained for up to 30 days for security purposes
How We Use Your Data
We use your data solely to provide and improve the Zero Day Digest service:
- To deliver your daily intelligence digest emails
- To manage your subscription and process payments via Stripe
- To authenticate you when you log in to the platform
- To personalise your feed based on your category subscriptions and preferences
- To respond to contact form enquiries
- To send transactional emails (welcome, password reset, subscription changes)
- To maintain the security and integrity of our platform
We do not use your data for advertising, profiling, or any purpose unrelated to operating this service.
Third-Party Services
We use a small number of trusted third-party services to operate Zero Day Digest:
- Stripe — payment processing. Stripe's privacy policy applies to payment data. See stripe.com/privacy
- Amazon Web Services (AWS SES) — email delivery. Emails are sent via AWS's Simple Email Service
- Anthropic Claude API — used to generate newsletter content summaries from public threat intelligence sources. No personal subscriber data is sent to Anthropic
We do not use Google Analytics, Facebook Pixel, or any third-party advertising or tracking services.
Data Retention
We retain your data for as long as your account is active. If you cancel your subscription:
- Your account data is retained for 90 days after cancellation to allow reactivation
- After 90 days, personal data is deleted or anonymised
- Billing records may be retained for up to 7 years for legal and accounting compliance
- You can request immediate deletion of your account at any time by contacting us
Your Rights
Depending on your location, you may have rights under applicable privacy law (including GDPR, the New Zealand Privacy Act 2020, and similar legislation):
- Access — request a copy of the personal data we hold about you
- Correction — update or correct your personal information via your account portal or by contacting us
- Deletion — request deletion of your account and associated personal data
- Portability — request your data in a machine-readable format
- Opt-out of emails — unsubscribe from daily digest emails at any time via your account preferences, without affecting your subscription
To exercise any of these rights, contact us at hello@zerodaydigest.net. We will respond within 30 days.
Cookies
Zero Day Digest does not use tracking cookies. We use your browser's localStorage to store your authentication token locally on your device. This is not a cookie and is not transmitted to third parties.
Security
We take reasonable technical measures to protect your data, including:
- Passwords stored using bcrypt hashing (never in plain text)
- All data transmitted over HTTPS/TLS
- Payment data handled entirely by Stripe — we never process or store raw card details
- Database access restricted to application servers only
No system is completely secure. In the event of a data breach that affects your personal data, we will notify you as required by applicable law.
Children
Zero Day Digest is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
Changes to This Policy
We may update this privacy policy from time to time. We will notify subscribers of material changes by email and update the "Last updated" date above. Continued use of the service after changes constitutes acceptance of the updated policy.
Contact
For privacy enquiries or to exercise your rights:
Modulus Cybersecurity
Email: hello@zerodaydigest.net