Security & Privacy at Zursum
We take the security of your data seriously. Our platform is built with enterprise-grade security measures and full compliance with global privacy regulations.
Certifications & Compliance
GDPR Compliant
Full compliance with EU data protection regulations
Data Encryption
TLS 1.3 in transit, AES-256 at rest
CCPA Ready
California Consumer Privacy Act compliance
Your conversations are private
We chose our AI providers specifically for their privacy-first approach. Here's how your data is handled:
Your data is never used for AI training
We use Anthropic Claude for AI analysis. Anthropic never uses API data to train their models - this is stated in their Commercial Terms.
Anthropic Commercial Terms
30-day data retention with AI provider
Anthropic retains API data for 30 days for trust & safety purposes, then permanently deletes it. Zero data retention agreements are available for enterprise.
Anthropic Data Retention Policy
Voice data processed securely
Voice calls are processed by Retell AI, which is SOC 2 Type II certified and HIPAA compliant. Audio is deleted after processing unless you choose to save it.
Retell AI Compliance
Security Measures
Encryption in Transit
All data transmitted using TLS 1.3 encryption
Secure Cloud Infrastructure
Hosted on Vercel and Neon (PostgreSQL) with enterprise-grade security
Access Controls
Role-based access control and secure authentication via OAuth 2.0
Audit Logging
Comprehensive logging of security-relevant events for compliance
Rate Limiting
Protection against abuse with intelligent rate limiting on all endpoints
Regular Security Reviews
Ongoing security assessments and vulnerability monitoring
Your Data Rights
You have full control over your personal data. Here's what you can do:
Right to Access
Export all your personal data at any time
Right to Deletion
Delete your account and all associated data
Right to Portability
Download your data in a machine-readable format (JSON)
Data Retention Control
Organizations can configure custom data retention policies
To exercise any of these rights, go to Settings → Data & Privacy in your dashboard, or contact us at
Third-Party Subprocessors
We carefully select our service providers based on their security posture and privacy practices.
| Provider | Purpose | Certifications | Data Retention |
|---|---|---|---|
| Anthropic | AI analysis and feedback generation | SOC 2, ISO 27001 | 30 days |
| Retell AI | Voice conversation processing | SOC 2 Type II, HIPAA, GDPR | Customer-controlled |
| Neon | Database hosting (PostgreSQL) | SOC 2 | Customer-controlled |
| Vercel | Application hosting | SOC 2, ISO 27001 | — |
| Stripe | Payment processing | PCI DSS Level 1, SOC 2 | As required by law |
Enterprise Security Requirements?
Need a custom DPA, security questionnaire, or specific compliance documentation? Our team is ready to help.