Privacy Policy

Last updated: May 18, 2026

1. Who we are

Lockzero is operated by Side By Tech ("we", "us", "our"). Lockzero is a credential vault, runtime proxy gateway, and rotation platform for API keys and other secrets. Our website is lockzero.io and you can reach us at support@lockzero.io.

2. What we collect

We collect only what is necessary to provide the service:

  • Account information: email address, authentication identifiers (Auth0), workspace membership
  • Secrets you choose to store: stored encrypted with AES-256-GCM in our vault using envelope encryption keys held in AWS KMS. We do NOT decrypt them outside the boundaries described below.
  • Secret metadata: secret names, provider/namespace, environments, rotation schedules, sensitivity flags
  • Proxy traffic metadata: when you route an API call through the Lockzero gateway, we record request method, path, provider, response status, latency, and token / cost metadata for audit, billing, and policy enforcement. Request and response bodies are NOT persisted unless you explicitly enable replay capture on a per-route basis.
  • Audit logs: actions performed in the dashboard (rotations, rollbacks, configuration changes, policy decisions), hash-chained for tamper evidence
  • Payment information: processed by Stripe. We do not store credit card numbers or full payment details.
  • Operational telemetry: page views, errors, and aggregate usage to improve the product

3. What we do NOT collect or store

  • We do not store your secret values in plaintext at rest
  • We do not log secret values in application logs, error responses, or audit trails
  • We do not retain proxied request or response bodies unless replay capture is explicitly enabled by you
  • We do not share your data with third parties for advertising or marketing
  • We do not sell your data

4. How we use your data

We use your data to provide the Lockzero service: authenticating your account, storing and injecting credentials at proxy time, rotating credentials, maintaining tamper-evident audit trails, enforcing plan limits and policy guardrails, and processing payments. We may also use aggregated, anonymized usage data to improve the product.

5. Data storage and security

Customer secrets are stored inside the Lockzero vault, encrypted at rest with AES-256-GCM using a data encryption key wrapped by a workspace-scoped key in AWS KMS (envelope encryption). The vault runs in our infrastructure (AWS, us-east-1) inside private subnets. Application data — workspace metadata, audit logs, billing aggregates, dashboard state — lives in encrypted PostgreSQL with encrypted EBS volumes and snapshot backups. All traffic between you, our gateway, and upstream providers is encrypted in transit with TLS 1.2+. Access to production systems is restricted by SSO, MFA, and short-lived OIDC-issued role credentials; every access event is recorded in the audit log.

6. Third-party services

We use the following third-party services to operate the platform. None of them receive plaintext secret values unless explicitly required for the function noted (e.g. AWS KMS receives the data encryption keys it is asked to wrap or unwrap).

  • Amazon Web Services — compute (EC2), data storage (RDS PostgreSQL, S3 audit archive), envelope encryption (KMS), DNS (Route 53), and operational alerts (SNS)
  • Cloudflare — CDN, edge TLS termination, DDoS protection, and bot mitigation (Turnstile)
  • Auth0 (by Okta) — primary authentication, MFA, and SSO federation
  • Stripe — payment processing and subscription management
  • Resend — transactional email delivery (account verification, maintenance notices, password resets)
  • GitHub — source control and CI/CD for the platform itself (does not process customer data)

7. Data retention

We retain your account data and audit logs for as long as your account is active. If you cancel your account, we will delete your data within 30 days of cancellation, except where required by law.

8. Your rights

You can request access to, correction of, or deletion of your personal data at any time by emailing support@lockzero.io. We will respond within 30 days.

9. Changes to this policy

We may update this privacy policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.

10. Contact

If you have questions about this privacy policy, contact us at support@lockzero.io.
