Privacy Policy
Last Updated: February 17, 2026
1. The "Zero-Training" Guarantee
We do not train our models on your data.
- Zedly utilizes pre-trained Large Language Models (LLMs) via secure APIs or local inference.
- Your documents, queries, and generated outputs are never used to improve, fine-tune, or train our base models (Llama, GPT, Claude).
- We contractually enforce "Zero-Data Retention" policies with our upstream providers (if applicable) for the duration of inference.
- By default, Zedly does not retain embeddings or derived analysis data unless you explicitly enable this option in your settings.
2. Data Residency & Processing
The Vault β Independent, Redundant Storage
Your original files are stored on Backblaze B2, an independent cloud storage provider. Zedly does not use AWS, Google Cloud, or Microsoft Azure for file storage. Your documents sit on infrastructure that the Big 3 cloud providers have no access to.
Data Durability (Erasure Coding): Every file uploaded to the Vault is broken into 20 shards (17 data + 3 parity) and distributed across 20 separate storage pods in 20 different cabinets. This erasure coding means your data can be fully reconstructed even if three storage pods fail simultaneously.
Ransomware & Deletion Protection: Backblaze Object Lock provides WORM (Write Once, Read Many) capability, ensuring that stored files cannot be overwritten, deleted, or encrypted by ransomware during the lock retention period.
Geographic Redundancy: Backblaze operates data centers in Sacramento and Stockton (California), Phoenix (Arizona), Reston (Virginia), Amsterdam (Netherlands), and Toronto (Canada). B2 Cloud Replication copies data between regions automatically for disaster recovery and compliance. You can select your data region upon account creation: US West, US East, EU Central, or CA East.
Off-Platform Redundancy for Big 3 Users: If your organization already uses AWS, Google Cloud, or Azure as its primary cloud, the Vault adds critical redundancy on completely separate infrastructure. If your primary provider experiences an outage, policy change, or data breach, your Vault data remains untouched β stored independently where the Big 3 have no access, no visibility, and no control.
The Desk
When active, your data is processed in volatile memory (RAM) within a secure, isolated container.
Destruction
Upon "Hibernation" or session termination, the RAM container is destroyed, and all active vectors are cryptographically erased.
Optional Session Persistence If a user chooses to save a session, Zedly may retain certain derived analysis artifacts (such as vector embeddings and document summaries) solely for the purpose of enabling faster follow-up analysis. This data is never retained by default and is stored only when explicitly enabled by the user in their account settings. Users may delete all persisted data at any time by using the βClear Deskβ feature, which permanently removes documents, derived artifacts, and associated session data.
3. Information We Collect
| Data Type | Description |
|---|---|
| Account Data | Email, Name, Billing Information (processed via Stripe). |
| Usage Data | Telemetry on how you use the app (e.g., "Number of queries," "Storage used"). We do not collect the content of your queries. |
| Derived Analysis Data | Optional embeddings and summaries generated from user-provided documents. This data is created only to support document analysis, is never used for model training, and is retained only if the user explicitly enables session persistence. |
4. Third-Party Subprocessors
We use the following trusted services to operate Zedly AI. We ensure they adhere to strict privacy standards.
Services That Process Your Data
These subprocessors may receive, process, or store your document content or queries.
| Service | Provider | Purpose | Data Retention |
|---|---|---|---|
| Object Storage | Backblaze B2 | Encrypted file storage (The Vault) | User-controlled; Object Lock available |
| Vector Database | Zilliz Cloud | Document embeddings for semantic search | Ephemeral or user-persisted (based on settings) |
| LLM Inference | Groq | AI responses from your queries and document context | Zero retention; not used for training |
| Document Processing | Modal | Text extraction, chunking, and embedding generation | Ephemeral containers; destroyed after job completion |
| Embedding Generation | Voyage AI | Converts document text into vector embeddings | Zero retention |
| Code Sandbox | E2B | Python execution for data analysis (Analyst feature) | Ephemeral MicroVM; destroyed after execution |
| CDN / WAF | Cloudflare | DDoS protection, SSL termination, traffic proxying | Transient; no persistent storage of request bodies |
| Advanced Analysis | Azure OpenAI | Complex reasoning queries (medical, legal) | Zero data retention enabled; not used for training |
For HIPAA-enabled workspaces, E2B code sandbox is disabled (no BAA available). Contact us for details on HIPAA-specific subprocessor configurations.
Services That Do Not Process Your Documents
These services handle only account, billing, or notification data and never see your document content.
| Service | Provider | Purpose |
|---|---|---|
| Payments | Stripe | Payment processing and subscriptions |
| Brevo | Transactional emails (welcome, password reset, notifications) | |
| Authentication | Google OAuth | SSO login via Google accounts |
| Schema Metadata | Anthropic (Claude) | Column name disambiguation for spreadsheets (no cell values) |
5. Your Rights (GDPR / CCPA)
You have the right to:
Export
Download all your Vault data at any time.
Delete
Request the permanent deletion of your account. We will scrub all data from our Vault and Backups within 30 days.