Privacy Policy
Last Updated: March 13, 2026
1. The "Zero-Training" Guarantee
We do not train our models on your data.
- Zedly utilizes pre-trained Large Language Models (LLMs) via secure APIs or local inference.
- Your documents, queries, and generated outputs are never used to improve, fine-tune, or train our base models (Llama, GPT, Claude).
- We contractually enforce "Zero-Data Retention" policies with our upstream providers (if applicable) for the duration of inference.
- By default, Zedly does not retain embeddings or derived analysis data unless you explicitly enable this option in your settings.
2. Data Residency & Processing
The Vault β Independent, Redundant Storage
Your original files are stored on Backblaze B2, an independent cloud storage provider. Zedly does not use AWS, Google Cloud, or Microsoft Azure for file storage. Your documents sit on infrastructure that the Big 3 cloud providers have no access to.
Data Durability (Erasure Coding): Every file uploaded to the Vault is broken into 20 shards (17 data + 3 parity) and distributed across 20 separate storage pods in 20 different cabinets. This erasure coding means your data can be fully reconstructed even if three storage pods fail simultaneously.
Ransomware & Deletion Protection: Backblaze Object Lock provides WORM (Write Once, Read Many) capability, ensuring that stored files cannot be overwritten, deleted, or encrypted by ransomware during the lock retention period.
Geographic Redundancy: Backblaze operates data centers in Sacramento and Stockton (California), Phoenix (Arizona), Reston (Virginia), Amsterdam (Netherlands), and Toronto (Canada). B2 Cloud Replication copies data between regions automatically for disaster recovery and compliance. You can select your data region upon account creation: US West, US East, EU Central, or CA East.
Off-Platform Redundancy for Big 3 Users: If your organization already uses AWS, Google Cloud, or Azure as its primary cloud, the Vault adds critical redundancy on completely separate infrastructure. If your primary provider experiences an outage, policy change, or data breach, your Vault data remains untouched β stored independently where the Big 3 have no access, no visibility, and no control.
The Desk
When active, your data is processed in volatile memory (RAM) within a secure, isolated container.
Destruction
Upon "Hibernation" or session termination, the RAM container is destroyed, and all active vectors are cryptographically erased.
Optional Session Persistence If a user chooses to save a session, Zedly may retain certain derived analysis artifacts (such as vector embeddings and document summaries) solely for the purpose of enabling faster follow-up analysis. This data is never retained by default and is stored only when explicitly enabled by the user in their account settings. Users may delete all persisted data at any time by using the βClear Deskβ feature, which permanently removes documents, derived artifacts, and associated session data.
3. Information We Collect
| Data Type | Description |
|---|---|
| Account Data | Email, Name, Billing Information (processed via Stripe). |
| Usage Data | Telemetry on how you use the app (e.g., "Number of queries," "Storage used"). We do not collect the content of your queries. |
| Derived Analysis Data | Optional embeddings and summaries generated from user-provided documents. This data is created only to support document analysis, is never used for model training, and is retained only if the user explicitly enables session persistence. |
4. Third-Party Subprocessors
We use the following trusted services to operate Zedly AI. We ensure they adhere to strict privacy standards.
Services That Process Your Data
These subprocessors may receive, process, or store your document content or queries.
| Service | Provider | Purpose | Data Retention |
|---|---|---|---|
| Object Storage | Backblaze B2 | Encrypted file storage (The Vault) | User-controlled; Object Lock available |
| Vector Database | Zilliz Cloud | Document embeddings for semantic search | Ephemeral or user-persisted (based on settings) |
| LLM Inference | Groq | AI responses from your queries and document context | Zero retention; not used for training |
| Document Processing | Modal | Text extraction, chunking, and embedding generation | Ephemeral containers; destroyed after job completion |
| Embedding Generation | Voyage AI | Converts document text into vector embeddings | Zero retention |
| Code Sandbox | E2B | Python execution for data analysis (Analyst feature) | Ephemeral MicroVM; destroyed after execution |
| CDN / WAF | Cloudflare | DDoS protection, SSL termination, traffic proxying | Transient; no persistent storage of request bodies |
| Advanced Analysis | Azure OpenAI | Complex reasoning queries (medical, legal) | Zero data retention enabled; not used for training |
For HIPAA-enabled workspaces, E2B code sandbox is disabled (no BAA available). Contact us for details on HIPAA-specific subprocessor configurations.
Services That Do Not Process Your Documents
These services handle only account, billing, or notification data and never see your document content.
| Service | Provider | Purpose |
|---|---|---|
| Payments | Stripe | Payment processing and subscriptions |
| Brevo | Transactional emails (welcome, password reset, notifications) | |
| Authentication | Google OAuth | SSO login via Google accounts |
| Schema Metadata | Anthropic (Claude) | Column name disambiguation for spreadsheets (no cell values) |
5. Zedly Shield Plugin Data
Zedly Shield is an optional OpenClaw plugin that provides runtime safety for agentic AI workflows. When connected to the Zedly cloud dashboard, the plugin sends event metadata only. This section describes what data the plugin transmits and how we handle it.
5.1 What the Plugin Sends
| Data Field | Description |
|---|---|
| Event Type | The category of event (e.g., tool call, policy block, redaction, agent start/end). |
| Tool Name | The name of the tool invoked by the agent (e.g., exec, read, write). |
| Tool Path | A sanitized and truncated version of the command or file path associated with the tool call (up to 200 characters). This may include directory paths or partial shell commands. |
| Session ID | An identifier for the agent session or cron job (e.g., agent:main:cron:UUID). |
| Policy Hits | Labels indicating which policy rules were triggered (e.g., shell.rm_rf_root, redact.email:2). These are rule identifiers, not content. |
| Action Taken | Whether the tool call was allowed, blocked, or redacted. |
| Timestamps | When each event occurred (epoch milliseconds). |
| Plugin Version | The installed version of the Shield plugin. |
| Hash Chain | A SHA-256 hash linking each event to the previous event for tamper detection. |
5.2 What the Plugin Does NOT Send
The Shield plugin is designed with a low-custody, metadata-only architecture. The following data never leaves your machine:
- Raw user messages or prompts
- Raw tool output or file contents
- Personally identifiable information (PII) β redaction happens locally before any data is transmitted
- Document content, embeddings, or model responses
5.3 Tool Path Sensitivity
The toolPath field may contain file paths (e.g., /home/user/reports/q1.csv) or truncated shell commands. While these are sanitized and do not include file contents, they may reveal directory structure, filenames, or command patterns. If this is a concern for your environment, you can operate Shield in local-only mode (see Section 5.5).
5.4 Data Retention for Shield
Shield event metadata is retained for the duration of your account or until you delete the associated Shield instance from the dashboard. Deleting a Shield instance permanently removes all associated events, runs, and audit log entries. Account deletion removes all Shield data within 30 days, consistent with our general data deletion policy.
5.5 Local-Only Mode
You can operate the Shield plugin without connecting to the Zedly cloud dashboard. In local-only mode, all events are written to a JSONL file on your machine and no data is transmitted to Zedly. Local-only mode provides the same policy enforcement, PII redaction, and audit logging capabilities β the only difference is that fleet visibility and cloud-based policy management are not available.
5.6 Subprocessors
Shield event metadata is processed and stored by the same Zedly infrastructure described in Section 4. No additional subprocessors are used for Shield data.
6. Your Rights (GDPR / CCPA)
You have the right to:
Export
Download all your Vault data at any time. For Shield data, you can request an export of your event metadata by contacting support.
Delete
Request the permanent deletion of your account. We will scrub all data β including Vault files, Shield events, and backups β within 30 days. You can also delete individual Shield instances at any time from the dashboard.