Private AI for sensitive documents — with configurable retention and a zero-training guarantee.
- Zero-Training Guarantee — Your documents never train, fine-tune, or improve any model. Contractual commitment.
- Ephemeral Desk — Documents are processed in an isolated environment; we avoid persistent storage in Desk processing and destroy temporary artifacts after each job.
- Clear Desk + Retention Controls — Wipe all indexed data on demand, or set per-workspace retention policies.
How Your Data Flows
Three stages — encrypted storage, ephemeral processing, and cleanup of Desk artifacts.
The Vault
Documents stored with AES-256 encryption on Backblaze B2. Erasure-coded with multi-zone durability. Object Lock (WORM) prevents tampering or ransomware deletion.
The Desk
No persistent disk storage in Desk environments; temporary scratch is ephemeral and destroyed after the job. Ingestion workers fetch from object storage via presigned URLs.
The Purge
All Desk processing artifacts are destroyed after each job. Documents remain encrypted in the Vault until you delete them or per your retention policy.
Core Security Controls
Enterprise-grade protections built into every layer of the platform.
Encryption
AES-256 encryption at rest. TLS 1.3 for all data in transit. Presigned URLs mean the web application does not process raw file bytes in the default flow.
Workspace & Tenant Isolation
Each workspace is logically isolated with its own access controls, retention settings, and storage partition. No cross-tenant data access.
Retention Controls
Configure retention per workspace. Clear Desk removes all indexed data on demand. Account deletion triggers full purge across all storage layers.
Ransomware Protection
Object Lock (WORM) on Backblaze B2 prevents deletion or modification of stored files for configurable immutability periods.
Audit Trails
Comprehensive logging of document access, processing events, and administrative actions. Exportable audit logs available on enterprise plans.
Access Control
Role-based access control (RBAC) for team workspaces. SSO integration available on enterprise plans. Granular permission management.
Data Retention & Deletion
Clear policies for every stage of the data lifecycle.
| Scenario | Behaviour | Timeframe |
|---|---|---|
| Default | Documents stored encrypted in the Vault. Ephemeral processing data purged after each job. | Until user deletes |
| Clear Desk | All indexed data, embeddings, and cached extractions removed from the workspace. | Immediate on trigger |
| Account Deletion | Full purge across Vault, vector database, and all metadata stores, subject to backup retention schedules. | Within 30 days |
| Saved Sessions | Chat history, document pointers, and workspace embeddings/chunks for search. Removable via Clear Desk or per-workspace retention policy. | Until user deletes |
Subprocessors
Third-party services that may process data on your behalf.
| Service | Provider | Purpose | Data Handling |
|---|---|---|---|
| Object Storage | Backblaze B2 | Encrypted document storage (the Vault) | AES-256 at rest, Object Lock. SOC 2 Type II. |
| Payments | Stripe | Subscription billing | Billing data only — no document content. SOC 2 Type II. |
| Vector Database | Zilliz Cloud | Semantic search embeddings | Embeddings and retrieval chunks generated during ingestion. Clear Desk removes indexed data. Per-workspace partitioning. SOC 2 Type II. |
| Code Sandbox | E2B | Sandboxed code execution (structured analysis) | Firecracker MicroVMs; environments are time-bounded and recycled. No persistent volumes attached for customer documents. |
| LLM Inference | Groq | AI response generation | Zero Data Retention (ZDR) enabled; prompts and outputs are not retained or used for training. |
| Ephemeral Compute | Modal | Document ingestion, OCR, embeddings | Ephemeral container execution; environments are time-bounded and recycled. No persistent volumes attached for customer documents. |
| LLM Inference | Azure OpenAI | AI response generation (conditional, per-workspace config) | Not used for model training. Prompts/completions may be retained for abuse monitoring unless an approved no-retention configuration is enabled. |
Automated redaction is applied prior to transmission where applicable. Full subprocessor details available under NDA — request the Security Pack.
Deployment Options
Pick the privacy level that fits your policy.
☁ Managed SaaS (Secure Cloud)
- AES-256 encryption at rest
- TLS 1.3 in transit
- Clear Desk & retention controls
- Zero-training guarantee
- Ready in minutes
⚙ VPC (Single-Tenant)
- Deploy in your own cloud
- PrivateLink / VNet peering
- Customer-managed keys
- Network isolation
- Full audit control
🔒 Air-Gapped / On-Prem
- Runs on your hardware
- No outbound connections
- Complete data sovereignty
- Designed for high-security environments
- Offline updates
Compliance Posture
Built on certified infrastructure with aligned operational controls.
SOC 2 Type II Certified Vendors
Core infrastructure providers — Backblaze, Zilliz, and Stripe — are independently SOC 2 Type II certified. Vendor certifications do not constitute a Zedly SOC 2 certification, but they do support inherited controls across physical and network security layers.
SOC 2-Aligned Operations
Zedly implements operational controls aligned with SOC 2 principles: encryption at rest and in transit, access control, audit logging, and incident response procedures.
BAA Available
Business Associate Agreements are available on enterprise plans for organizations handling protected health information (PHI) under HIPAA.
Request the Security Pack
- Data Lifecycle one-pager
- Subprocessor list
- Retention and deletion statement
- Architecture diagram
- Audit log sample (redacted)
Contact & Responsible Disclosure
For security inquiries, subprocessor questions, or to report a vulnerability.
To report a vulnerability, email [email protected] with a description and reproduction steps. We aim to acknowledge reports within 48 hours.
Zedly staff do not access customer documents unless explicitly authorized for support.