Privacy Policy


This Privacy Policy describes how RISC Zero, Inc. (“we”, “us”, or “our”) handles data that can be related to an identified or identifiable individual (“Personal Information”) that we collect through our website, the Bonsai Platform and through any other websites that we own or control and which link to this Privacy Policy (collectively, the “Services”).

Personal information we collect

Information you submit to us:

  • Contact and account information, such as your first and last name, phone number, email address.
  • Transaction data, such as payment information, ordering information, order history, service delivery information, and any information necessary for us to provide products and services to you or your designate.
  • Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us online.
  • Usage information, such as information about how you use the Services and interact with us.  
  • Marketing information, such as your preferences for receiving communications about our Services, and details about how you engage with our communications.
  • Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Information we obtain from third parties: We may maintain pages on social media platforms, such as Facebook, Instagram, LinkedIn, and other third-party platforms. When you visit or interact with our pages on those platforms, the platform provider’s privacy policy will apply to your interactions and their collection, use and processing of your Personal Information.

Automatic data collection. We and our service providers may automatically log information about you, your computer or mobile device, and your interactions over time with our Services, our communications and other online services, such as:

  • Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 4G), and general location information such as city, state or geographic area.
  • Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, browsing history, navigation paths between pages or screens, information about your activity on a page or screen, access times, duration of access, and whether you have opened our marketing emails or clicked links within them.

How we use your personal information

To operate our Services:

  • Provide, operate, maintain, secure and improve our Services.
  • Communicate with you about our Services, including by sending you announcements, updates, security alerts, and support and administrative messages.
  • Understand your needs and interests, and personalize your experience with our Services and our communications.
  • Respond to your requests, questions and feedback.

For research and development. We may use your Personal Information for research and development purposes, including to analyze and improve our Services and our business. As part of these activities, we may create aggregated, de-identified, or other anonymous data from Personal Information we collect. We make Personal Information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and disclose it to third parties for our lawful business purposes, including to analyze and improve our Services and promote our business.

Direct marketing. We may from time-to-time send you direct marketing communications as permitted by law, including, but not limited to, notifying you of special promotions, offers and events via email. You may opt out of our marketing communications as described in the “Opt out of marketing communications” section below.

Compliance and protection. We may use Personal Information to:

  • Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
  • Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims).
  • Audit our internal processes for compliance with legal and contractual requirements and internal policies.
  • Enforce the terms and conditions that govern our Services.
  • Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

How we disclose your personal information

Generally, we disclose Personal Information for any of the purposes described in this policy. This is part of our normal course of business. In this way, we disclose to the following parties:

Affiliates. We may disclose your Personal Information to our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.

Service providers. We may disclose your Personal Information to third party companies and individuals that provide services on our behalf or help us operate our Services (such as lawyers, bankers, auditors, insurers, customer support, hosting, analytics, email delivery, marketing, and database management).

There are times where we need to disclose Personal Information for purposes which are not in the normal course of business. So, along with Affiliates, and Services Providers, we may disclose to the following parties:

Authorities and others. We may disclose your Personal Information to law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your Personal Information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. In such a case, we will make reasonable efforts to require the recipient to honor this Privacy Policy.

International transfers. When you are located in the European Economic Area (“EEA”), Personal Information collected from you will be transferred to recipients in countries located outside the EEA which do not provide a similar or adequate level of protection to that provided by countries in the EEA. We will take appropriate steps to ensure that any Personal Information is treated securely and in accordance with this Privacy Policy.

Your Privacy Choices

Opt out of marketing communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email. You may continue to receive service-related and other non-marketing emails.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. Since DNT signals are not generally accepted by the industry, we currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit

Depending on your state of residence, you may have additional choices regarding how we use your Personal Information, including the following:

  • Accessing your Personal Information. You may request that we provide you: (i) the specific pieces of Personal Information that we have about you; (ii) categories of Personal Information we have collected about you; (iii) categories of sources from which the Personal Information is collected; (iv) categories of Personal Information that we have sold or disclosed for a business purpose about you; (v) categories of third parties to whom the Personal Information was sold or disclosed for a business purpose; and (vi) the business or commercial purpose for collecting or selling Personal Information. Please note that much of the information you can make a request for is already contained in this Policy.

If you would like to request deletion or correction of your Personal Information, please see the section below entitled “How to contact us”. As part of this process, we may ask for some Personal Information in order to verify your identity and your rights to the data which is subject to your request.

  • Modifying or Deleting Your Information.  While some privacy laws provide a right to correct or delete Personal Information about you, those rights are fairly limited. As such, we may not be able to change or delete your information in all circumstances. For example, we retain Personal Information as necessary to: complete the transaction for which the Personal Information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between us and you; detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity; debug to identify and repair errors that impair existing intended functionality of our online properties; enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us; comply with a legal obligation; or otherwise use your Personal Information, internally, in a lawful manner that is compatible with the context in which your provided the information. If you would like to request deletion or correction of your Personal Information, please see the section below entitled “How to contact us”.
  • Selling or Sharing of Personal Information. We do not sell or share your Personal Information as defined by California privacy law.
  • How to contact us. If you are a resident of a jurisdiction with applicable privacy law, and would like to exercise any of your rights you may do so by contacting us by using the contact particulars noted in the “Contact Us” section below.

Individuals in the EEA also have the right to lodge a complaint about the processing of their Personal Information with their local data protection authority.

  • Designating an Authorized Agent. Some jurisdictions permit their residents to designate an agent to manage their rights under the relevant privacy law. If you would like to designate an agent to manage your privacy preferences, you may do so using the mechanisms noted above under “How to contact us”. We will also need sufficient Personal Information about your authorized agent to be able to identify them. As part of this process, you must have permission from your authorized agent to disclose their Personal Information to us for the purpose of acting as your agent.
  • Appeals. Should we deny your request for Access, Correction, or Deletion, you may appeal that decision by sending an email to us identifying why you believe the denial is improper, a copy of the original request, a copy of the communication denying your request, and your desired outcome. We will then escalate your appeal to the appropriate parties inside RISC Zero to review the merits of your appeal. We will respond with our decision on your appeal within 45 days of receipt of your appeal.
  • Non-discrimination. Some laws do not permit us to discriminate against you because you exercised any your rights under this title, including, but not limited to, by: denying you access to goods or services; charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; providing a different level or quality of goods or services; suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Other sites, mobile applications and services

Our Services may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and disclosure of your Personal Information. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.


We employ a number of technical, organizational, and physical safeguards designed to protect the Personal Information we collect. However, no security measures are failsafe and we cannot guarantee the security of your Personal Information.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the website.

How to contact us

Please direct any questions or comments about this Policy or our privacy practices to You may use the to exercise your privacy rights as noted above as well.