Skip to main content

Privacy Policy

Last updated: March 13, 2026

BlackRainbow is a security assurance framework at black-rainbow.ai, built and operated by zero-lab.ai. This policy explains what data we collect, what we don't, and how we handle it.

We wrote this for security professionals. You read policies carefully. So we kept it short and honest.

Analytics

We use Plausible Analytics. Plausible is cookieless and privacy-first:

  • No cookies. None. Zero.
  • No personal data collection. No names, emails, IP addresses, or fingerprinting.
  • No cross-site tracking. No advertising profiles. No data sold or shared.
  • GDPR, CCPA, and PECR compliant without requiring cookie consent banners.

We see aggregate numbers only: page views, referral sources, browser type, country. We cannot identify individual visitors from this data.

RAG Chat

BlackRainbow includes an AI-powered chat feature. Here is exactly what happens when you use it:

  • Your query is sent to a Cloudflare Worker, which forwards it to Anthropic's Claude API for processing.
  • Your queries are not logged or stored by us. They are processed in-flight and discarded.
  • Anthropic processes the query under their API terms. Anthropic does not train on API inputs.
  • No conversation history is persisted between sessions.

If we add query logging or storage in the future, this policy will be updated before that happens, and you will know.

Hosting and Infrastructure

The site is hosted on Cloudflare Pages. Cloudflare processes standard connection data (IP addresses, request headers) as part of delivering the site to your browser. This is governed by Cloudflare's Privacy Policy. We do not access or store this connection-level data.

During pre-launch, access is managed through Cloudflare Access for design partners. This requires authentication through Cloudflare's identity flow. Once the site is public, this gate will be removed.

What We Do Not Do

  • No tracking cookies or pixels. No third-party analytics scripts.
  • No advertising networks. No retargeting.
  • No data brokers. No data sales. Ever.
  • No user accounts or billing data collected (yet).

Future Changes

When we introduce user accounts, paid tiers, or query logging, this policy will be updated before those features go live. We will not retroactively apply new data practices to data collected under previous terms.

Contact

Questions about this policy: pete@zero-lab.ai

Changes to This Policy

We will update this page when our data practices change. Material changes will be announced on the site. The "last updated" date at the top tells you when this was last revised.