trust & security
ZERO is non-custodial.
It never holds operator funds, and the runtime never holds a signing key. This is how the signing path is built, and how to report a problem with it.
Security posture
- Keys stay in the operator’s control: Every wallet is the operator’s own — a Privy embedded wallet, MetaMask, Ledger, or any self-custodial wallet. The runtime signs only through a Privy-managed API wallet the operator authorized and can revoke at any moment. The signing key never leaves the managed enclave, and losing an API key cannot cost the operator funds.
- The signer is scope-limited: The control plane signs only order, cancel, and schedule-cancel actions. It does not — and the policy must not let it — withdraw, transfer, or change account settings.
- Signing refuses when the runtime is unsafe: A live lease is required; it is short-lived and renewed only by the runtime’s own signed heartbeats. Signing is refused when the lease has expired, when the runtime reports a halt, or when the data feed diverges — and risk-reducing actions stay available even then.
- Refusals are evidence: Every refusal is journaled as a public, replayable record. Refusals fail closed: a refusal that cannot be recorded blocks the action rather than allowing it. A declared safety check that silently did nothing would be worse than no check.
- Jurisdiction is declared: Operator authority is geofenced from the United States and Ontario until there is regulatory clarity, and the fence is declared on every surface.
Responsible disclosure
We welcome good-faith security research and will not pursue legal action against researchers who follow this policy.
In scope: the signing path (control-plane action signing, the Privy delegation, and the heartbeat integrity the refusal logic depends on); authentication, API-key handling, and the live-lease lifecycle; the public surfaces on getzero.dev and app.getzero.dev.
How to report: email security@getzero.dev with a clear description, the affected surface, and reproduction steps. We acknowledge reports within three business days and coordinate disclosure timing with you.
Safe harbor: research is authorized only if you do not access, modify, or exfiltrate data that is not yours; do not move or attempt to move funds; do not degrade service to others; and stop and report once you have demonstrated a finding. Stay within your own operator account and test data.
Out of scope: social engineering, physical attacks, denial-of-service, findings that require a compromised operator device, and vulnerabilities in third-party infrastructure (Privy, Hyperliquid, Vercel, Supabase).
Audit history
2026-06-13 — signing-path penetration test covering the Privy delegation, the control-plane signing endpoint, the server-to-server heartbeat integrity, and the API-key and lease lifecycle. This was an internal adversarial review, each finding verified against the code — not an external audit; no external audit has been completed yet. The report is archived in the private repository and available to operators on request via security@getzero.dev.
What you can verify without asking: the signing boundary, the lease gating, and the refusal record are all public behavior, exercised on the proof surfaces below.
Verify it yourself
These claims are checkable without trusting this page. The proof surface replays signed decision records and journaled refusals; the developers surface publishes the contracts and schemas the runtime is held to.
Effective 2026-06-13. This statement is dated and versioned; any change is announced first on getzero.dev.