Legal · Privacy
Privacy Policy
Zentric Protocol ("we", "us", "our") operates the API service available at api.zentricprotocol.com and the website at zentricprotocol.com. This Privacy Policy explains what data we collect, why we collect it, and your rights over it.
We built Zentric Protocol to help developers protect user data. We apply the same standard to our own operations.
1. Who We Are (Data Controller)
The data controller for your personal data is Zentric Protocol. For any privacy-related questions, contact us at privacy@zentricprotocol.com.
2. Data We Collect
2.1 Waitlist and account registration
When you sign up for the waitlist or request an API key, we collect your email address. We use this to send your API key and product updates. We do not sell or share your email with third parties for marketing purposes.
2.2 API usage data
When you use the /v1/analyze endpoint, we process the text input you send. We use this solely to return an analysis result. We do not store the content of your prompts beyond the time needed to process the request and generate the signed report.
2.3 Usage metadata
We collect metadata about API requests: timestamp, latency, verdict (CLEARED / BLOCKED / ANONYMIZED), matched signatures, and request count against your quota. We do not log the raw content of your prompts.
2.4 Technical data
We collect standard server logs including IP addresses, HTTP headers, and request timestamps for security and abuse prevention purposes. These logs are retained for a maximum of 30 days.
3. How We Use Your Data
- To deliver the API service and return analysis results
- To send your API key and essential service communications
- To enforce usage limits and prevent abuse
- To generate the signed GDPR Art.30 audit reports included in each API response
- To improve the accuracy and performance of our detection signatures
4. Legal Basis for Processing (GDPR)
We process your data under the following legal bases:
- Contract performance — processing necessary to deliver the API service you signed up for
- Legitimate interests — security logging, abuse prevention, and service improvement
- Consent — for marketing communications (you can withdraw at any time)
5. Data Retention
- Email addresses: retained while your account is active, deleted within 30 days of account closure on request
- API request content: not stored beyond the processing window (~seconds)
- Usage metadata and audit logs: retained for 90 days, then deleted
- Server logs (IP, headers): retained for 30 days
6. Third-Party Processors
We use the following sub-processors to operate the service:
- Supabase — database infrastructure for API keys, usage metadata, and waitlist data (EU region)
- Vercel — hosting and edge infrastructure for the website and API gateway
- Stripe — payment processing for paid tier subscriptions (only for paying customers)
Each processor is bound by data processing agreements and complies with applicable privacy regulations.
7. Data Transfers
Our primary infrastructure operates within the EU (eu-west-1). Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses with sub-processors.
8. Your Rights (GDPR)
If you are located in the EU/EEA, you have the following rights:
- Access: request a copy of the personal data we hold about you
- Rectification: request correction of inaccurate data
- Erasure: request deletion of your personal data ("right to be forgotten")
- Portability: receive your data in a structured, machine-readable format
- Restriction: request that we limit processing of your data
- Objection: object to processing based on legitimate interests
- Withdraw consent: for any processing based on consent, at any time
To exercise any of these rights, contact us at privacy@zentricprotocol.com. We will respond within 30 days.
9. California Privacy Rights (CCPA)
If you are a California resident, you have the right to know what personal information we collect, request deletion of your information, and opt out of any sale of personal information. We do not sell personal information. To exercise your rights, contact us at privacy@zentricprotocol.com.
10. Security
We implement technical and organisational measures to protect your data, including encryption in transit (TLS), hashed API keys, and access controls. No system is 100% secure — if you discover a security issue, please contact us at security@zentricprotocol.com.
11. Cookies
The zentricprotocol.com website uses only essential cookies necessary for the site to function. We do not use advertising or tracking cookies.
12. Changes to This Policy
We may update this policy as the service evolves. We will notify registered users of material changes by email. The "Last updated" date at the top of this page reflects the most recent revision.
13. Contact
For privacy inquiries: privacy@zentricprotocol.com
For general inquiries: core@zentricprotocol.com