Privacy Policy

Data stewardship principles

ZAUBERN provides decision execution infrastructure for highly regulated industries. The platform minimizes data collection, aligns with customer instructions, and enforces jurisdiction-aware data controls at the execution boundary.

We deploy infrastructure in customer-selected regions and apply encryption in transit and at rest with audited key rotation policies.

Information we collect

ZAUBERN collects only the information needed to provide secure, compliant services. This includes account metadata, telemetry required for availability, and optional integrations configured by customers.

• Account identifiers, billing contacts, and role assignments provided during onboarding.
• Flight Recorder artifacts uploaded by customer systems, such as prompts, model outputs, feedback signals, and control plane events.
• Support communications, including security questionnaires, incident reports, and compliance attestations.

We do not collect or sell personal data from public sources, brokers, or marketing databases.

How we use information

Information is processed to deliver services, enhance safety controls, and fulfill legal obligations. We rely on contractual necessity, legitimate interest in platform security, or explicit consent as our processing bases.

• Operating and securing decision execution infrastructure, including monitoring for abuse and performance anomalies.
• Providing support, incident response, and compliance deliverables requested by customers.
• Improving platform reliability, documentation, and user experience while respecting customer configuration boundaries.

How we share information

ZAUBERN never sells customer data. We only disclose information to subprocessors under written agreements, to regulators when legally required, or to third parties the customer designates.

• Audited infrastructure partners who provide hosting, storage, or secure communications.
• Specialist vendors engaged for penetration testing, compliance assessments, or managed support services.
• Regulators, law enforcement, or courts when mandated by applicable law and with customer notice whenever permitted.

All subprocessors are listed in our Trust Center with geographic scope, data types, and audit certifications.

Your rights and choices

Individuals interacting with systems that use ZAUBERN maintain the rights granted by their jurisdiction. ZAUBERN supports access, correction, deletion, and objection requests through coordinated workflows with our customers.

• Access records of processing that identify how Flight Recorder handled your data.
• Request corrections to inaccurate information or submit deletion requests where legally permissible.
• Escalate concerns to our Data Protection Officer or appeal a decision with an independent review.

To exercise these rights, contact your organization’s administrator or email [email protected]. We respond within 30 days unless the applicable law requires a shorter period.

Security controls

Security is embedded into every layer of the Flight Recorder stack. We blend automated policy enforcement with human oversight to uphold confidentiality, integrity, and availability commitments.

Policy changes

We update this Privacy Policy when introducing new capabilities or responding to regulatory guidance. Material changes are communicated to administrators and published in the Trust Center before they take effect.

Continued use of ZAUBERN services after an update constitutes acceptance of the revised terms.

Contact us

For questions about this policy or ZAUBERN’s data governance program, please reach out to our Privacy Office.

We also maintain regional representatives in the EU, UK, and Singapore for jurisdiction-specific obligations.