TRUST & SECURITY

ZERO is non-custodial.

It never holds operator funds, and the runtime never holds a signing key. This is how the signing path is built, and how to report a problem with it.

Security posture

Keys stay in the operator’s control
Every wallet is the operator’s own — a Privy embedded wallet, MetaMask, Ledger, or any self-custodial wallet. The runtime signs only through a Privy-managed API wallet the operator authorized and can revoke at any moment. The signing key never leaves the managed enclave, and a lost API key never puts operator funds at risk.
The signer is scope-limited
The control plane signs only order, cancel, and schedule-cancel actions. It does not — and the policy must not let it — withdraw, transfer, or change account settings.
Signing refuses when the runtime is unsafe
A live lease is required; it is short-lived and renewed only by the runtime’s own signed heartbeats. Signing is refused when the lease has expired, when the runtime reports a halt, or when the data feed diverges — and risk-reducing actions stay available even then.
Refusals are evidence
Every refusal is journaled as a public, replayable record. Refusals fail closed: a refusal that cannot be recorded blocks the action rather than allowing it. A declared safety check that silently did nothing would be worse than no check.
Jurisdiction is declared
Operator authority is geofenced from the United States and Ontario until there is regulatory clarity, and the fence is declared on every surface.
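As an added illustration (not ZERO’s own code) of the signer scope, lease gating, and fail-closed refusal journaling described above, here is a minimal decision function in Python; the lease TTL, action names, journal shape, and the separated heartbeat verification are assumptions.

```python
"""Lease-gated signing decision with fail-closed refusal journaling (illustrative)."""
from dataclasses import dataclass, field
from enum import Enum

class Action(Enum):
    ORDER = "order"
    CANCEL = "cancel"
    SCHEDULE_CANCEL = "schedule_cancel"
    WITHDRAW = "withdraw"          # never signable, whatever the runtime state

SIGNABLE = {Action.ORDER, Action.CANCEL, Action.SCHEDULE_CANCEL}
RISK_REDUCING = {Action.CANCEL, Action.SCHEDULE_CANCEL}   # stay available when unsafe
LEASE_TTL = 30.0  # seconds; assumed value, not the project's

@dataclass
class RuntimeState:
    lease_expires_at: float = 0.0   # advanced only by accepted signed heartbeats
    halted: bool = False            # runtime reported a halt
    feed_diverged: bool = False     # data feed disagrees with its reference

@dataclass
class Journal:
    entries: list = field(default_factory=list)
    unavailable: bool = False       # constructed fault injection for the test

    def record(self, entry: dict) -> None:
        if self.unavailable:
            raise OSError("journal write failed")
        self.entries.append(entry)

def accept_heartbeat(state: RuntimeState, signature_valid: bool, now: float) -> bool:
    """Renew the lease only when the heartbeat's signature verified (verification assumed done by caller)."""
    if signature_valid:
        state.lease_expires_at = now + LEASE_TTL
    return signature_valid

def unsafe_reason(state: RuntimeState, now: float):
    if now >= state.lease_expires_at: return "lease expired"
    if state.halted: return "runtime halted"
    if state.feed_diverged: return "data feed diverged"
    return None

def decide(action: Action, state: RuntimeState, journal: Journal, now: float):
    """Return (allowed, reason). Every refusal is journaled; an unrecordable refusal still refuses."""
    reason = None
    if action not in SIGNABLE:
        reason = f"{action.value} is outside signer scope"
    else:
        unsafe = unsafe_reason(state, now)
        if unsafe and action not in RISK_REDUCING:
            reason = unsafe
    if reason is None:
        return True, None
    try:
        journal.record({"at": now, "action": action.value, "reason": reason})
    except OSError:
        return False, f"{reason}; refusal could not be journaled"   # fail closed
    return False, reason
```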

Responsible disclosure

We welcome good-faith security research and will not pursue legal action against researchers who follow this policy.

In scope: the signing path (control-plane action signing, the Privy delegation, and the heartbeat integrity the refusal logic depends on); authentication, API-key handling, and the live-lease lifecycle; the public surfaces on getzero.dev and app.getzero.dev.

How to report: email security@getzero.dev with a clear description, the affected surface, and reproduction steps. We acknowledge reports within three business days and coordinate disclosure timing with you.

Safe harbor: research is authorized only if you do not access, modify, or exfiltrate data that is not yours; do not move or attempt to move funds; do not degrade service to others; and stop and report once you have demonstrated a finding. Stay within your own operator account and test data.

Out of scope: social engineering, physical attacks, denial-of-service, findings that require a compromised operator device, and vulnerabilities in third-party infrastructure (Privy, Hyperliquid, Vercel, Supabase).

Audit history

2026-06-13 — signing-path penetration test covering the Privy delegation, the control-plane signing endpoint, the Ed25519 server-to-server heartbeat integrity, and the API-key and lease lifecycle.

Effective 2026-06-13. This statement is dated and versioned; any change is announced first on getzero.dev.