Privacy Policy

Privacy-first platform: Your data, your IP, your control

Last updated: December 11, 2025
Data Security

Encryption

All data is encrypted in transit (TLS) and at rest (AES-256). Your files are stored securely in Azure with enterprise-grade security measures.

Access Controls

Only you can access your data. Our staff cannot view your files or queries without explicit permission for technical support purposes.

Data Retention

Your data is retained only as long as you maintain an active account. You can request deletion at any time, and we will permanently remove your data within 30 days.

Data Collection & Usage

What We Collect

  • Account information for registered users (email, username, preferences)
  • Platform interaction data (anonymous usage patterns, feature usage)
  • System performance data (response times, error logs, uptime metrics)
  • Browser information and cookies for enhanced user experience

How We Use Your Data

  • To provide and improve our platform services
  • To personalize your user experience
  • To maintain system security and prevent fraud
  • To optimize platform performance and reliability
  • Platform analytics and support improvement (support interactions may be used to improve our AI support agent)
  • Your data (RAG) will be used for fine-tuning upon your request as a paid service

Data Protection Standards

  • EU-based hosting with GDPR compliance
  • End-to-end encryption for sensitive data
  • Minimal data collection principle
  • Automatic data retention limits
  • Encryption at rest for sensitive data

Model Providers & MCP Integrations

Our platform orchestrates large language models, third-party APIs, and Model Context Protocol (MCP) connectors that are subject to their own regional data handling practices. Subscription tier, account region, and provider policy determine how your prompts and artifacts are processed, and these terms are outside of our direct control.

  • Platform model provider: Microsoft Azure OpenAI Service. Review their data privacy statement at Microsoft Azure OpenAI data privacy.
  • MCP integrations that connect to remote services require you to authenticate with your own provider accounts; their privacy policies and data handling obligations apply directly between you and that service. Built-in utility connectors that do not reach external accounts link to the provider's official documentation or run entirely within Zaun AI.

Zaun AI operates its core infrastructure on Microsoft Azure with servers located in Germany (West Central region). While inference requests for Azure platform models may be processed globally depending on model availability and load balancing, all persistent data storage and retention remains exclusively within our German server infrastructure. We do not store customer data outside the EU unless explicitly requested for integration purposes.

Your Rights & Control

You have complete control over your data:

  • Data Portability: Export your data in standard formats anytime
  • Right to Deletion: Request complete removal of your data
  • Audit Trail: Request logs of how your data has been accessed
  • Data Correction: Update or correct any information
  • Processing Restriction: Limit how we process your data

Legal Commitment

This privacy policy is legally binding. We cannot change how we use your existing data without explicit consent.

Any changes to this policy will be communicated 30 days in advance, and you always have the right to opt-out or delete your data.

Contact & Data Requests

For privacy-related questions or data requests:

Privacy Officer

zaun@creatures.digital

Our Community Promise

We're building a community-first AI platform because we believe your data should work for you. Your domain knowledge is your asset, and we will never compromise it for profit.

Note: This Privacy Policy is designed to be transparent about our data practices and comply with GDPR requirements. For specific legal advice, please consult with legal counsel.

Zaun AI Community (zAI)