Privacy Policy

Last updated: August 24, 2025

Who We Are

Zero-Day Zen (“ZDZ,” “we,” “us,” “our”) provides stress-reduction education and coaching for cybersecurity/IT professionals. We do not provide medical or mental-health services and we do not collect Protected Health Information (PHI).

Scope

This Policy covers www.zero-day-zen.com and related pages, forms, newsletters, scheduling, and pilot program workflows (collectively, the “Services”).

What we collect (minimal by design)

  • Contact & account data: name, work email, role, organization, time zone; optional phone for scheduling.
  • Communications: emails, form submissions, feedback you choose to share.
  • Payment data (if applicable): handled by our payment processor; we do not store full card numbers.
  • Usage & device data: basic analytics/cookies, IP/country, pages viewed, browser type.

We do not intentionally collect PHI or sensitive personal information. If you believe you shared such data with us in error, contact us to delete it.

Sources

You; your organization’s admin (if you enroll via employer); processors providing analytics, scheduling, or payment.

How we use data

To provide and improve the Services; communicate about programs; process payments; secure and debug; comply with law; with your consent, send low-volume newsletters or product updates (opt out anytime).

Cookies & analytics

We use essential cookies and limited analytics. Manage preferences anytime via Cookie Preferences in the footer.

Sharing

We don’t sell personal information. We share only with vetted processors who help run our Services (e.g., website host/CDN, email & newsletter tool, scheduling, CRM, payment). We require appropriate data protection commitments.

Data retention

We keep personal data no longer than necessary for the purposes above (e.g., account lifecycle + 24 months), unless longer retention is required by law or for security/legal reasons. Aggregated, de-identified results may be retained.

Security

We use reasonable technical and organizational measures (encryption in transit, access controls, logging). See our Vulnerability Disclosure page for reporting security issues.

Your rights

US (CPRA/“California” and similar laws): You may request access, deletion, and correction, opt out of sale/share (we do not sell), and limit sensitive data use (not applicable; we don’t use sensitive data to infer characteristics). Use the Contact link on our site or email us. We won’t discriminate for exercising rights.

Canada (PIPEDA & Québec Law 25): You may request access, correction, and details on cross-border transfers and our safeguards. If you’re in Québec, you may also request de-indexing where applicable.

We will verify requests as required. An authorized agent may act on your behalf where permitted.

International transfers

We operate in the United States. If you are outside the US, your data may be processed in the US. We use contractual and technical safeguards appropriate to the transfer.

Children

Our Services are for adults in professional settings. We don’t knowingly collect data from children under 16.

Changes

We may update this Policy; we’ll post a new effective date and, for material changes, provide a more prominent notice.