RZØ Logo
EN
PT
Back to Home
LAST UPDATED: [ PUBLICATION DATE ]

TERMS OF USE

Terms of Use — ReplicaZero

Version: 1.0 — MVP
Effective date: June 28, 2026
Last updated: June 28, 2026

Note: The official and legally binding version of these Terms of Use is written in Brazilian Portuguese. This English version is provided for informational purposes only. In case of any discrepancy, the Portuguese version shall prevail.

Read the official version in Portuguese →

By installing, accessing, or using the ReplicaZero application ("Application"), you ("User") confirm that you have read, understood, and agree to these Terms of Use ("Terms"). If you do not agree with any part of these Terms, do not use the Application.

1. Who We Are

ReplicaZero [Legal name to be inserted]
Company registration: [to be filled]
Headquarters: Curitiba, State of Paraná, Brazil
Contact: [email protected]

These Terms govern the use of the ReplicaZero Application by end users (individuals). Use of the platform by partner companies is governed by a separate contractual instrument (B2B Partnership Agreement).

2. What ReplicaZero Is

ReplicaZero is a sovereign digital identity platform that allows Users to store their personal data on their own device and share it with partner companies in a controlled, encrypted, and explicitly consented manner — eliminating paper forms, manual data entry, and the risk of leaks from centralized databases.

2.1 The Vault

The Vault is the local identity vault of the Application. It resides exclusively on your device, encrypted with military-grade standards (AES-256). Your personal data (name, national ID, documents, address, etc.) only exists in the Vault — not on ReplicaZero servers.

2.2 Interaction Types

  • Uplink: A partner company requests your data. You receive the request and decide to approve or decline.
  • DropLink: You proactively send your data to a partner company.
  • CrossLink: A company initiates a registration with your information and the Application notifies you to confirm and complete the data ("Claim").
  • FlashLink: Direct sharing between users, with a single-use link and access PIN, that expires automatically after opening.

2.3 Free of Charge

The ReplicaZero Application is and will remain free for end users.

3. Account and Registration

3.1 Account Creation

When using the Application for the first time, you create an account that includes:

  • ZeroTag: your unique identifier on the ReplicaZero network (e.g., @yourname).
  • Email: used exclusively for communication and support.

No password is linked to your ReplicaZero account. Access to the Vault is protected by your device's own PIN or biometrics (Android Keystore / iOS Keychain). Account security depends on your device security.

3.2 Minimum Age

The Application is intended for individuals 18 (eighteen) years of age or older. By accepting these Terms, you declare that you meet the minimum age requirement.

3.3 Accuracy of Information

You are responsible for the accuracy of the data you register in the Vault. Sharing false information with partner companies may constitute a civil and/or criminal offense, for which you bear exclusive responsibility.

3.4 One Primary Device

The Application is designed for use on one primary device at a time. Migration to a new device requires the restoration process described in Section 5.

4. The Seed Phrase and Your Responsibilities

The Seed Phrase: a sequence of 12 words in the BIP-39 standard is the master key that protects your backup and enables data restoration. Generating the Seed Phrase is a fully optional process and can be performed by the User at any time via the Settings menu of the Application (and is not required during the initial onboarding to reduce friction).

4.1 Your Obligations Regarding the Seed Phrase

  • Write down your Seed Phrase on paper or a secure medium when you decide to generate a backup
  • Store it in a safe place, preferably offline and physically protected
  • Do not share your Seed Phrase with anyone — not even ReplicaZero
  • Do not photograph or store it as plain text in online services

4.2 What ReplicaZero Does Not Know and Cannot Do

ReplicaZero does not store, does not know, and cannot recover your Seed Phrase. This is intentional and is what ensures that only you have access to your Vault.

ReplicaZero has no Seed Phrase recovery mechanism. There is no "I forgot my seed." If you lose the Seed Phrase and do not have access to the original device, your Vault data will be permanently inaccessible.

5. Backup and Restoration

5.1 How Backup Works

The Application allows you to export your Vault as an encrypted backup file (.rz0). The file is generated locally on your device. You choose where to store it: Google Drive, iCloud, email, USB drive, or any other destination of your preference.

ReplicaZero does not receive, store, or have access to this file.

5.2 How Restoration Works

To restore the Vault on a new device, you will need:

  1. The backup file (.rz0) you exported
  2. Your 12-word Seed Phrase

Without both, restoration is not possible.

5.3 Backup Responsibility

Performing regular backups is the exclusive responsibility of the User. ReplicaZero strongly recommends that you:

  • Back up whenever you update important data in the Vault
  • Store the backup file in more than one secure location
  • Keep your Seed Phrase secure and separate from the backup file

ReplicaZero is not responsible for data loss resulting from the absence of a backup or the loss of the Seed Phrase.

6. Data Sharing with Companies

6.1 Your Control Is Absolute

No data from your Vault is transmitted to any company without you actively approving the request in the Application. There is no automatic or implicit sharing.

6.2 What Happens When You Approve

When you tap "Accept" on a data request:

  1. The authorized fields leave your Vault, are encrypted by your device, and transmitted to the partner company via a secure tunnel.
  2. A Consent Receipt is generated — an immutable cryptographic record proving that you, at that moment, authorized that specific sharing.
  3. The company receives the data and becomes responsible for its use.

6.3 Responsibility After Sharing

After sharing approved by you, the data enters the partner company's sphere, which has its own terms of use and privacy policy. ReplicaZero does not control, monitor, or take responsibility for how the partner company uses the data after receipt.

We recommend reviewing the company's policies before sharing.

6.4 Interaction Types and Data Transit (24-hour TTL)

Personal data provided by the User transits in a strictly end-to-end encrypted manner and remains temporarily in RAM memory on ReplicaZero's servers for a maximum of 24 (twenty-four) hours (Time-To-Live - TTL). The exact duration of data in transit is determined by the action taken by the parties:

  • Uplink (Company-initiated): The partner company sends a data request (via QR Code, Push, or email). Upon User acceptance, the encrypted data is temporarily transmitted, processed in server memory for delivery to the company's system, and immediately deleted. If declined by the User, only a rejected status log is generated (with an optional reason), and no data is transited.
  • DropLink (User-initiated): The User takes the initiative to send data to a company (via @ZeroTag). The encrypted data is kept in staging awaiting acceptance by the partner company. If accepted, it is integrated and removed from transit; if declined, it is permanently deleted from the server.
  • CrossLink (Preliminary Onboarding): The partner company initiates a registration on behalf of the User when they do not yet have the application installed. The data is kept encrypted in the backend's temporary Inbox for up to 24 hours. The User has this time limit to install the application and claim their local vault. After 24 hours without a claim, the data is permanently deleted from the servers without any retention.
  • FlashLink (P2P Sharing): Direct sharing of encrypted data between individual users via a link with a PIN. The package remains stored in an encrypted format with the key derived from the PIN (Zero-Knowledge model, the server does not have access) for up to 24 hours. As soon as the recipient consumes the link, the package is immediately deleted (Burn After Reading). If not consumed within 24 hours, it expires and is deleted.

6.5 Revocation

Approval of sharing through any of the flows does not create a permanent right of the company over your data. You may, at any time, stop sharing data with a company simply by declining future requests. For the Live Sync model (future), a continuous permission revocation mechanism will exist directly within the Application.

7. Acceptable Use

By using the Application, you agree not to:

  • Register or share false, fraudulent, or third-party data without authorization
  • Attempt to reverse engineer, decompile, or modify the Application
  • Use the Application for illegal activities, including identity fraud, scamming, or money laundering
  • Attempt to access other users' accounts
  • Use automated tools to interact with the Application in unintended ways

ReplicaZero reserves the right to suspend or terminate your account immediately in case of use that violates these Terms or applicable law.

8. Account Deletion

8.1 How to Delete

You may request account deletion at any time:

  • Via the "Delete my account" screen within the Application itself
  • By email to [email protected], identifying your account by ZeroTag or registered email

8.2 What Happens Upon Deletion

  • Your account data (ZeroTag, email, public key, Device ID, FCM Token) are permanently deleted from our servers
  • Consent Receipts (consent records) are retained for 5 (five) years even after account deletion, pursuant to legal record-keeping obligations
  • Your Vault content remains on your device — it belongs to you. To remove it completely, uninstall the Application
  • If you did not make a backup before deleting the account and uninstalling the Application, the Vault data will be permanently lost

8.3 Processing Time

Account deletion will be processed within 15 (fifteen) business days after the request.

9. Intellectual Property

9.1 ReplicaZero's Property

The Application, its architecture, source code, brand, design, name "ReplicaZero," logos, and other visual and functional elements are the exclusive property of ReplicaZero, protected by applicable intellectual property law.

9.2 Your Data

The data you store in the Vault is your exclusive property. ReplicaZero claims no rights over it.

10. Disclaimer and Limitation of Liability

10.1 Service Provided "As Is"

The Application is provided "as is" and "as available." ReplicaZero does not guarantee that the service will be uninterrupted, error-free, or 100% available.

10.2 Data Loss

Due to the On-Device architecture, ReplicaZero is not responsible for Vault data loss resulting from:

  • Loss, theft, breakage, or formatting of the device without prior backup
  • Loss of the Seed Phrase
  • Device hardware or software failure
  • Voluntary account deletion without backup

10.3 Use of Data by Partner Companies

ReplicaZero is not responsible for any damage resulting from how partner companies use data received after User approval.

11. Privacy

The processing of your personal data by ReplicaZero is governed by our Privacy Policy, which is an integral part of these Terms and should be read together.

12. Changes to These Terms

We may update these Terms at any time. When we make changes that materially affect your rights or obligations, we will notify you with at least 15 (fifteen) days' notice via push notification and/or email.

Continued use of the Application after the changes take effect constitutes acceptance of the new Terms.

13. Governing Law and Jurisdiction

These Terms are governed by the laws of the Federative Republic of Brazil. Disputes shall be resolved in the courts of Curitiba, State of Paraná, Brazil.

14. General Provisions

Entire Agreement: These Terms, together with the Privacy Policy, constitute the entire agreement between the User and ReplicaZero regarding use of the Application.

Severability: If any clause of these Terms is declared invalid or unenforceable, the remaining clauses shall remain in full force and effect.

15. Contact

For questions, suggestions, or complaints about these Terms:

Email: [email protected]
Address: Curitiba/PR, Brazil

This is an informational translation of the official Terms of Use. The official legally binding version is written in Brazilian Portuguese and governs in case of discrepancy.

Other legal documents

PrivacyB2B Terms