MinuteZero. By Invitation

Legal

Privacy Policy.

Last updated: May 17, 2026

1. The short version

MinuteZero is a marketing automation platform. We collect the brand inputs you give us, the content we generate from those inputs, and the email and outreach activity that flows through the platform on your behalf.

We use that data to operate the Service and to tailor outputs to your brand. We do not sell your data, share it with third parties for their own marketing, or pool it into a shared training corpus for other customers.

Standard website analytics and email-delivery tooling apply, described below. The rest of this document provides the complete details.

2. Who we are

MinuteZero (“Company,” “we,” “us,” or “our”) operates the MinuteZero marketing automation platform. This privacy policy applies to the MinuteZero software, the MinuteZero website (minutezero.com), and any related services we operate.

For questions about this policy, please contact us at stephen@minutezero.com.

3. Customer data we process

MinuteZero is a hosted Service. When you use it, we process the following categories of data on your behalf:

Brand and account data

Information you provide to set up your account and configure the Service, including company name, brand name, positioning, audience descriptions, voice samples, founder biographies, sample writing, and similar inputs you upload or paste into the platform.

Generated content

Content the Service produces from your inputs, including SEO content maps, audit reports, article drafts, press pitches, email drafts, briefs, and any other written outputs. We retain these outputs in your account so you can return to them.

CRM and contact records

Records of brands, journalists, prospects, and other third parties that you upload or that the Service discovers and enriches on your behalf. These records may include name, professional email address, employer, job title, publication, beats covered, public bio, public social-media links, and similar professional information drawn from public sources.

Outbound communications

Email and outreach you send through the Service: subject lines, message bodies, recipient addresses, send timestamps, and delivery, open, click, reply, bounce, and unsubscribe events reported by our email service providers.

Connected accounts (OAuth and service accounts)

When you connect Google Analytics 4, Google Search Console, Google Tag Manager, X/Twitter, or other third-party platforms to the Service, we receive and store the access tokens, property identifiers, and metadata necessary to query those platforms on your behalf. We do not request more permission than the Service requires.

Inputs sent to AI providers

The Service uses third-party large language model providers (currently OpenAI) to generate content. To do so, we transmit relevant inputs — your brand information, voice samples, contact context, and prompts — to those providers in order to produce the requested output. Our AI providers process these inputs under their respective terms of service and data processing agreements. As of the date of this policy, our AI providers' published API terms state that customer API traffic is not used to train their general-purpose models. We rely on those providers' public representations; their data handling practices are governed by their respective terms and policies, which may change over time.

4. Website data

When you visit minutezero.com, your browser connects through Cloudflare (CDN and DNS) to our hosting infrastructure. Standard web server logs may record your IP address, browser user-agent, and pages requested.

Analytics

We use Google Analytics 4 (GA4) via Google Tag Manager (GTM) to understand how visitors use our website. GA4 collects:

  • Pages visited and time spent on each page
  • Referral source (how you arrived at the site)
  • Device type, browser, operating system, and screen resolution
  • Approximate geographic location (country/region level, derived from IP address)
  • Interaction events (button clicks, scroll depth, outbound link clicks)

GA4 uses first-party cookies to distinguish unique visitors and sessions. Google processes this data on our behalf under their Data Processing Terms. We do not enable Google Signals, User-ID tracking, or advertising features on our marketing site at this time. We do not share analytics data with third parties for advertising purposes.

You can opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-on.

Additional analytics and tracking

We may use additional analytics, advertising, or tracking technologies on our website from time to time, including but not limited to conversion tracking pixels, retargeting pixels, social media pixels, and similar technologies from providers such as Google, Meta, LinkedIn, and others. When we add new tracking technologies, we will update the list of third-party services in Section 9 of this policy. Where required by law, we will obtain your consent before setting non-essential tracking cookies or pixels.

Fonts

The website may load fonts from Google Fonts CDN. This transmits the visitor's IP address to Google for the purpose of serving font files. Google's handling of this data is governed by the Google Privacy Policy.

5. Account and contact information

When you create an account, purchase a subscription, or contact us, we may collect:

  • Name and email address
  • Company or organization name
  • Billing address (when subscriptions are introduced)
  • Communications you send us (support requests, feedback)

We use this information to provide the Service, communicate with you about your account, and provide support. We may also send product announcements or updates — you can unsubscribe from non-transactional emails at any time.

6. Email communications

We may send you email for the following purposes:

Transactional email

Emails directly related to your use of the Service, including subscription confirmations, renewals, receipts, account security notifications, service-disruption notices, and responses to support requests. Transactional emails are necessary for the operation of your account and cannot be unsubscribed from while your account is active.

Product updates

Emails about new features, product updates, and relevant content. You may unsubscribe at any time via the unsubscribe link in any such email or by contacting us.

Marketing email

We may send marketing emails to customers and account holders. You may unsubscribe at any time via the unsubscribe link in any such email or by contacting us.

Email service providers

Email is sent through third-party email delivery services (currently SendGrid/Twilio for transactional and direct sending, Klaviyo for flow-triggered delivery). These providers process your email address and email content solely for the purpose of delivery on our behalf. Their handling of your data is governed by their respective privacy policies and our data processing agreements with them.

CAN-SPAM compliance

All commercial emails include our company name, a physical mailing address, a clear unsubscribe mechanism, and accurate sender identification. Unsubscribe requests are honored within 10 business days.

7. Outbound communications you send through the Service

When you use MinuteZero to send email, pitch journalists, or contact prospects, MinuteZero is the tool; you are the sender, originator, and party legally responsible for those communications.

For each outbound message you send through the Service, you are responsible for: (i) having a lawful basis to contact the recipient under applicable law; (ii) honoring unsubscribe, opt-out, and deletion requests in accordance with applicable law; (iii) maintaining accurate suppression lists; and (iv) ensuring the content of your message is accurate, lawful, and non-defamatory. See our Terms of Service for the full statement of responsibilities.

Operationally, the Service routes outbound email through our email service providers, captures delivery and engagement events from those providers, and stores those events in your account so that you can see the status of your sends. We use the contents of your outbound messages and the associated engagement events only to deliver those messages, display delivery and engagement status to you, operate and improve the Service for you, and (as described in our Terms of Service) tailor outputs that are specific to your brand. We do not use the contents of your outbound messages to train general-purpose AI models, and we do not pool your outbound message contents with other customers' data for shared training corpora.

8. Payment processing

When subscription billing is enabled, payments will be processed by Stripe (PCI DSS Level 1 certified). Your payment details (card number, billing address) will be transmitted directly to Stripe and will not be stored on our servers. We will receive only a transaction identifier, the last four digits of your card, and confirmation of payment.

Stripe's handling of your payment data is governed by their own Privacy Policy and Services Agreement.

9. Cookies

The MinuteZero website and application use cookies as follows:

  • Essential cookies — required for basic site functionality (session management, security tokens, login state). These cannot be disabled.
  • Analytics cookies — set by Google Analytics 4 via Google Tag Manager to distinguish unique visitors and track sessions. These are first-party cookies. You can opt out using the Google Analytics Opt-Out Add-on.
  • Advertising cookies — if we run paid acquisition campaigns, we may set conversion-tracking and remarketing cookies (Google Ads, Meta, LinkedIn, X, and similar). You can opt out of personalized advertising at Google Ads Settings or via the NAI opt-out page.

We may add additional tracking technologies (such as social media pixels from Meta, LinkedIn, or other providers) in the future. Where required by law, we will obtain your consent before setting non-essential tracking cookies or pixels.

10. Third-party services

We use a limited number of third-party services to operate. Each has access only to the data necessary for their function:

  • OpenAI — large language model API for content, research, and outreach generation (receives prompt and context data necessary to produce the requested output)
  • SendGrid (Twilio) — transactional and direct email delivery, plus inbound parse webhooks (receives sender, recipient, subject, body, attachments, and delivery events)
  • Klaviyo — flow-triggered email delivery (receives recipient profiles and message content)
  • Stripe — payment processing (receives payment details, billing address) when subscription billing is enabled
  • Cloudflare — CDN, DNS, and static-site hosting (receives visitor IP addresses and request data via standard web serving)
  • Hetzner Online GmbH — application backend hosting (Finland-based; receives application traffic and database storage)
  • Google APIs (GA4, Search Console, Tag Manager) — analytics and search data when you connect your Google properties (receives OAuth-scoped data limited to the properties you connect)
  • Google Fonts CDN — font delivery on the website (receives viewer IP addresses)
  • Google Analytics / Google Tag Manager — website analytics and event tracking on the marketing site (receives visitor IP addresses, browsing behavior)
  • RocketReach — contact and prospect discovery (receives lookup queries; returns enrichment data from their corpus)
  • X/Twitter (Tweepy) — social publishing when you connect your X account (receives post content and OAuth tokens)
  • GitHub — source code hosting, internal issue tracking

We do not sell, rent, or share your personal information with third parties for their own marketing purposes. We are not responsible for the data practices of third-party services. Each third-party service's handling of your data is governed by their respective privacy policies.

11. Data retention

Account and customer data is retained for the duration of your account plus 30 days after deletion, after which it is permanently removed.

Generated content and CRM records are retained for the duration of your account plus 30 days. After account termination you may export your data via the export tool; after the 30-day window we may delete it.

Outbound communication logs (send, delivery, open, click, reply, bounce events) are retained for the duration of your account plus 30 days, except where applicable law requires longer retention (e.g., proof of unsubscribe).

Payment records are retained as required by applicable tax and accounting regulations (typically 7 years).

Support communications are retained for 2 years after the last interaction to provide continuity if you contact us again.

Suppression and opt-out records may be retained indefinitely to honor recipient preferences across future sends.

12. Data security

We implement commercially reasonable technical and organizational measures to protect your data, including encryption in transit (TLS), secure infrastructure practices, access controls limiting who within our organization can access personal data, and least-privilege scoping of third-party API credentials.

No method of transmission or storage is completely secure. We provide commercially reasonable data protection measures but do not guarantee absolute security. If you discover a security vulnerability, please contact us immediately at stephen@minutezero.com.

Your security responsibilities

You are responsible for: maintaining the confidentiality of your account credentials, API keys, and connected-account OAuth tokens; restricting access to your account to authorized users within your organization; promptly revoking access for departed personnel; and complying with regulatory frameworks applicable to your data and your industry.

13. Data breach notification

In the event that we become aware of a security breach affecting personal data we hold, we will:

  • Investigate the breach promptly and take reasonable steps to contain and remediate it
  • Notify affected individuals and applicable regulatory authorities as required by law
  • Provide notification within 72 hours of becoming aware of the breach, where required by GDPR, or within the timeframe required by other applicable laws
  • Include in any notification: the nature of the breach, the data involved, the likely consequences, and the measures taken or proposed to address the breach

14. Your rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Deletion — request deletion of your personal data, subject to legal retention requirements
  • Portability — request your data in a structured, machine-readable format
  • Objection — object to processing of your data for specific purposes
  • Restriction — request that we limit how we use your data
  • Withdrawal of consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, please contact us at stephen@minutezero.com. We will respond within 30 days.

For California residents (CCPA/CPRA)

Under the California Consumer Privacy Act and the California Privacy Rights Act, California residents have specific rights regarding their personal information.

Categories of personal information we collect:

  • Identifiers — name, email address, account identifiers, IP address
  • Commercial information — records of products or services purchased (subscription tier, billing history)
  • Internet or electronic network activity — browsing behavior on our website, interaction with the application
  • Professional or employment-related information — company or organization name, job title, voluntarily provided
  • Geolocation data — approximate location derived from IP address (country/region level)

Categories of personal information we do NOT collect:

  • Biometric information
  • Protected classification characteristics
  • Education information
  • Sensory data (audio, visual, thermal, olfactory)
  • Inferences drawn to create a consumer profile

We do not sell or share personal information for cross-context behavioral advertising. You have the right to know what personal information we collect, request its deletion, correct inaccurate personal information, and not be discriminated against for exercising your rights.

To submit a request, contact us at stephen@minutezero.com. We will verify your identity before processing your request and respond within 45 days.

For European residents (GDPR)

Our legal bases for processing personal data are:

  • Performance of a contract — providing services you have purchased, processing payments, delivering subscription functionality
  • Legitimate interests — operating and improving the Service, maintaining security, fraud prevention
  • Consent — where applicable, such as marketing communications (you may withdraw consent at any time)
  • Legal obligation — retaining records as required by tax and accounting regulations

You have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your concerns.

Data subjects in your CRM records

The Service stores records of journalists, prospects, and other third parties as part of its core functionality, on your behalf and at your direction. With respect to those records, you are the data controller (and, under the CCPA/CPRA, the “business”) and MinuteZero acts as your data processor (and, under the CCPA/CPRA, your “service provider”). MinuteZero processes those records only to provide the Service to you, retains them subject to the retention terms above, and does not sell, share, or use them for any independent commercial purpose. If a data subject identified in your CRM contacts us directly, we will refer them to you (or, where required by law, respond on your behalf in coordination with you) for the exercise of their rights.

15. Data Processing Agreements

Enterprise customers who require a Data Processing Agreement (DPA) for regulatory or compliance purposes may request one by contacting us at stephen@minutezero.com.

16. International data transfers

MinuteZero is based in the United States. If you access our Service from outside the United States, your information may be transferred to and processed in the United States, the European Union (Hetzner, Finland), or other countries where our service providers operate.

Where required by applicable law, we ensure appropriate safeguards are in place for international transfers, including standard contractual clauses or other mechanisms approved by relevant data protection authorities.

17. Do Not Track

Some web browsers transmit “Do Not Track” (DNT) signals. We use analytics and tracking tools on our website (including Google Analytics and Google Tag Manager). We do not currently alter our data collection practices in response to DNT signals. If we add the ability to honor DNT signals in the future, we will update this section accordingly.

18. Children's privacy

MinuteZero is a marketing-automation tool intended for use by professionals. We do not knowingly collect personal information from anyone under 16. If we become aware that we have collected data from a child under 16, we will delete it promptly.

19. Liability disclaimers

The following disclaimers apply to all data handling described in this privacy policy. These disclaimers are in addition to, and not in limitation of, the disclaimers and limitations of liability set forth in our Terms of Service.

AI-generated content

Content produced by the Service, including SEO recommendations, article drafts, press pitches, and outreach copy, is generated using AI tools and is provided for your review. You are responsible for verifying the accuracy, lawfulness, and originality of any content you choose to publish, send, or otherwise distribute. See our Terms of Service for the full statement.

Outbound communications

When the Service is used to send email or other outbound communications on your behalf, you are the sender and originator. You are solely responsible for compliance with CAN-SPAM, TCPA, GDPR, CCPA, CASL, and any other law applicable to your communications, and for honoring unsubscribe and deletion requests.

Third-party services

MinuteZero is not responsible for the data practices of third-party services, including OpenAI, SendGrid, Klaviyo, Stripe, Cloudflare, Hetzner, Google (Analytics, Tag Manager, Fonts, Search Console, Ads), RocketReach, X/Twitter, and GitHub. Your interactions with these services are governed by their respective privacy policies.

No absolute guarantee

We implement commercially reasonable measures to protect data we handle. We do not warrant or guarantee absolute security, privacy, or data protection. No software vendor can provide such a guarantee, and this policy should not be read as one.

20. Changes to this policy

We may update this privacy policy from time to time. Changes will be communicated by updating the “Last updated” date at the top of this page. Your continued use of the Service after the updated policy is posted constitutes acceptance of the updated policy.

21. Contact

If you have questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

Email: stephen@minutezero.com

MinuteZero
3476 18th St, Apt 36
San Francisco, CA 94110
United States