//PRIVACY
Policy
Privacy
policy.
Stealth Startup 0 Labs ("we", "us") builds runtimes that operate on
sensitive data — clinical, financial, scientific, and educational. This
policy describes what we collect from visitors to this site and how
operator and partner data is handled inside our runtimes.
One-line summary: we collect the minimum needed to
run the lab, never sell data, encrypt everything at rest and in
transit, and treat HIPAA-class workloads under HIPAA-class controls.
01 What we collect
From visitors to stealth0.io:
- The email address you submit to the dispatch form, if you submit one.
- Aggregate, anonymized traffic counts (page, country, referrer) — no fingerprints, no third-party trackers.
- Standard server logs (IP, user-agent, timestamp) for 30 days, used only for security and abuse prevention.
From operators and design partners, inside our runtimes:
- Only the data your contract authorizes us to process, for the duration that contract specifies.
- Cryptographic identifiers and audit-trail signatures we generate ourselves.
02 What we do not collect
- Third-party advertising identifiers.
- Behavioral profiles or cross-site tracking.
- Biometric data, except inside runtimes where it is the explicit subject of an operator contract.
- PHI, PII, or other regulated data outside of a signed BAA / DPA.
03 How we use it
- To send the operational dispatches you requested.
- To run, debug, and harden the runtimes you have contracted us to operate.
- To satisfy our legal, compliance, and audit obligations (SOC 2, ISO 27001, HIPAA).
We do not sell, rent, lease, or trade personal data. Ever.
04 How we protect it
- TLS 1.3 in transit. AES-256 at rest. Keys rotated automatically.
- Zero-trust internal access — every action signed, every action audited.
- Least-privilege defaults: most operators inside Stealth Startup 0 cannot see customer data without a break-glass event.
- Independent annual audits aligned to SOC 2 Type II, ISO 27001, and HIPAA Security Rule.
05 Your rights
You may request access, correction, export, or deletion of any
personal data we hold about you. Write to
privacy@stealth0.io and
we will respond within 7 days. Under GDPR and CCPA you have
additional rights, all of which we honor.
06 Cookies
One first-party cookie, used to remember you've dismissed the
dispatch banner. No analytics cookies, no advertising cookies, no
third-party cookies. Disable it at any time in your browser; the
site will function normally.
07 Children
This site is not directed at children under 16. We do not knowingly
collect data from anyone under 16; if we learn that we have, we will
delete it immediately.
08 Changes
We update this policy when our practices change. Material changes
are announced in the dispatch and reflected in the version string
above. The full revision history is available on request.
09 Contact
Data protection officer:
privacy@stealth0.io
Security incidents:
security@stealth0.io