Security

Zero runs as a native desktop application. All case management, AI execution, and memory access happens on your machine. The API server runs on localhost:7878 — not exposed to the internet.

Zero requests access to your workspace directory. It reads and writes files within that directory. It does not access files outside your selected workspace without explicit user action.

Zero never executes code changes without an operator-approved plan. The approval gate is mandatory and cannot be bypassed through the UI or API.

Proof is operator-verified. Zero enforces that proof is attached and marked verified before RESOLVED — but does not validate the content of proof. Code review remains the operator’s responsibility.

Account data is stored with standard web security practices. We do not store payment card data.

Found a security issue? Contact us via the console. We respond within 48 hours.

Zero does not currently offer SSO, audit logs, SOC 2 certification, or enterprise compliance packages. These are planned for future releases.