This policy details how data is handled within Your Azure environment. Our Managed App architecture ensures Your Customer Data never leaves Your tenant for ZyptAI's own storage or processing. ZyptAI acts as a Data Processor under Your direction as Data Controller.
We leverage Azure OpenAI's Enterprise privacy stack, meaning there is no human review of Your prompts by ZyptAI or Microsoft, and no data exfiltration for model fine-tuning. Your prompts and completions are not logged by ZyptAI at any central level.
Our technical access via Azure Lighthouse is logged and restricted to the Azure management plane. We do not have routine access to Your search indexes, databases, or private documents. Any access required for support purposes will be requested explicitly and logged in Your Azure Activity Log.
Usage metrics collected via Application Insights are used only for health monitoring and service improvement. We do not retain full prompt history in our central logs; all conversational history stays in Your subscription's Cosmos DB instance under Your control.
Our marketing website (zyptai.com) uses Google Analytics (gtag) to collect anonymised usage statistics such as page views and session duration. No Customer Data or SAP project data is involved. You can opt out via your browser's cookie settings or a standard ad blocker. The deployed ZyptAI application within Your Azure tenant does not use third-party analytics.
For customers processing personal data of EU/EEA residents, ZyptAI relies on Microsoft's Data Processing Agreement and Standard Contractual Clauses for any cross-border transfers within the Azure infrastructure. As Your Customer Data remains within Your selected Azure regions, ZyptAI does not independently transfer personal data outside Your chosen geography. Please contact us at contact@zyptai.com to request a Data Processing Agreement.
You control retention by configuring the Azure services in Your MRG. Upon cancellation or termination, all resources within Your MRG are deprovisioned according to Azure standard policies. ZyptAI does not maintain independent backups of Your Customer Data.
As Data Controller, You retain full ownership and all rights over Your Customer Data, including rights of access, rectification, erasure, and portability. Requests relating to Customer Data should be managed through Your internal Azure AD governance. For enquiries about data ZyptAI holds about you as a contact (e.g., from our website contact form), email contact@zyptai.com.
For further inquiries regarding our legal framework, please connect with us at contact@zyptai.com
Return to Homepage