legal

PrivacyPolicy.

version 2.2 · effective june 25, 2026

§ 01

Overview

Sati Technology Inc. (d/b/a Zentrr, “Zentrr,” “we,” “us,” or “our”) operates the Zentrr platform. This Privacy Policy explains what we collect, how we use it, who we share it with, and the rights you have over your information.

§ 02

Information we collect

Account information. When you create an account, we collect your name, email address, and the organization you represent.

Usage data. We log how you interact with the platform — Specialist invocations, Workflow executions, feature usage, and audit-trail events — so we can operate the Service and provide audit trails to your compliance team.

Customer Content. Documents, prompts, knowledge sources, and integration data you upload or connect to the platform. Customer Content is processed solely to provide the Service to you and is not used to train AI models. See our Terms of Service § 04 for details.

Cookies and analytics. We use Google Analytics and Google Ads for site analytics and ad-conversion measurement, gated by your consent banner choice. See our Cookie Policy for the full list of cookies and how to opt out.

Consumer health data. If you are a Washington resident and your provider uses Zentrr to process consumer health data about you, the Consumer Health Data Privacy Notice applies in addition to this policy.

§ 03

How we use your information

We use your information to provide, maintain, and improve the Service; to communicate with you about your account and the Service; to ensure security and prevent fraud; to comply with legal obligations; and to honor the contract we have with you. We rely on contractual necessity, legitimate interest, and (for marketing communications and non-essential cookies) your consent as our lawful bases under the GDPR.

§ 04

Sub-processors and AI model providers

We use a small set of trusted sub-processors to operate the Service. The current list (with location, purpose, and notes) is published at /legal/subprocessors. Headline items: Amazon Web Services (Bedrock for AI inference; Cognito for identity; Aurora and S3 for storage; SES for email; CloudFront for CDN; ECS for compute) and Stripe (billing and Checkout). All AI inference runs through AWS Bedrock; by default, Anthropic and other model providers do not see your prompts, completions, or logs.

Optional provider-data-share models. A small set of frontier models (currently Claude Fable 5) are offered by AWS Bedrock only under provider_data_share. If — and only if — an admin in your organization explicitly enables one of these models on a specific agent, that agent's prompts and completions are shared with the model provider (Anthropic) and retained for up to thirty (30) days for trust & safety and abuse detection. This is never used to train models, is off by default, applies only to the specific agent you opt in, and is recorded in your audit log. Every other agent and model keeps the default guarantee above.

We will notify you before adding or replacing sub-processors that handle Customer Content materially.

§ 05

Data security

We implement industry-standard security measures: encryption at rest (AES-256 with AWS KMS) and in transit (TLS 1.3); PostgreSQL row-level security to enforce tenant isolation on every query; CloudTrail audit logging on all API calls; and least-privilege IAM. Our infrastructure runs entirely on AWS HIPAA-eligible services in the United States.

§ 06

Data retention

Account data: retained for the life of the account and for thirty (30) days after a deletion request is honored.

Chat messages: retained for ninety (90) days by default; configurable per organization.

Audit logs: Practice tier — one (1) year; Practice Plus — seven (7) years; Enterprise — per contract.

§ 07

AI accuracy and the use of Outputs

Specialists draft work using probabilistic AI models. Outputs may be inaccurate, incomplete, biased, or offensive, and are not medical, legal, financial, tax, insurance, real-estate, or other professional advice. You are responsible for verifying Outputs before relying on them, and for ensuring a qualified licensed professional reviews any Output used in a regulated workflow. See our Terms of Service § 05.

§ 08

Your rights

Depending on where you live, you may have rights to access, correct, delete, port, or restrict our processing of your personal information. To exercise any of these rights, email privacy@zentrr.com and identify the request and the account or email it relates to. We will respond within thirty (30) days, or sooner where required by law, after verifying your identity.

California residents (CCPA / CPRA).You have rights to know what we collect, delete what we hold, correct inaccurate information, opt out of any “sale” or “sharing” of personal information for cross-context behavioral advertising, limit use of sensitive personal information, and not be discriminated against for exercising these rights. We do not sell or share personal information for cross-context behavioral advertising. See our Do Not Sell or Share My Personal Information page.

EU / UK / Swiss residents (GDPR). You may additionally lodge a complaint with your data protection supervisory authority. Where we transfer personal data outside the EEA / UK / Switzerland, we rely on Standard Contractual Clauses or equivalent safeguards; a copy is available on request.

§ 09

International transfers

Customer Content and account data are stored on AWS infrastructure in the United States (us-east-1 by default). If you are outside the U.S., your data will be transferred to and processed in the U.S. We rely on Standard Contractual Clauses for transfers from the EEA, UK, and Switzerland. EU customers should reach out for our Data Processing Addendum.

§ 10

Children

The Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it.

§ 11

Bankruptcy and change of control

If we are acquired or undergo a bankruptcy proceeding, your data will remain subject to the privacy commitments in this policy and our Terms of Service § 12 — including thirty (30) days' advance notice, honoring of prior deletion and opt-out requests, and any consent required by applicable state genetic, biometric, or health privacy law (including 11 U.S.C. § 363(b)(1)(B) and Cal. Civ. Code § 1798.140(ad)(2)(D)).

§ 12

Changes to this policy

We may update this Privacy Policy. If a change is material, we will notify you at least thirty (30) days before it takes effect via email to your account address or via in-product notification. The version and effective date are stamped at the top of this page.

§ 13

Connected Google accounts (Gmail, Calendar, Analytics & Search Console)

When you connect a Google account — your personal account, or your organization's account for analytics — your Specialist can act on Google services on your behalf. We request the narrowest scopes required:

Send email (gmail.send). The Specialist sends messages only when you explicitly ask it to. We deliberately do not request any Gmail read scope, so Zentrr cannot read your inbox.

Calendar (calendar.readonly, calendar.events). The Specialist reads your calendar to check availability and surface upcoming events, and creates or updates events when you ask it to schedule something.

Google Analytics & Search Console (analytics.readonly, webmasters.readonly). When an organization connects its Google account, your SEO Specialist reads Google Analytics 4 traffic, engagement, and conversion metrics and Search Console search-query, impression, click, and ranking data — read-only — solely to produce the SEO and performance reports you ask it for. Zentrr never changes your website, your Google Analytics property, or your Search Console configuration.

Zentrr's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Google user data is used solely to provide the features above; it is never sold, never used for advertising, never used to train generalized or non-personalized AI models, and never transferred to others except as needed to provide these features, with your consent, or to meet a legal obligation.

You can disconnect at any time from your Zentrr connection settings, or revoke access directly at myaccount.google.com/permissions. When you disconnect, we delete the stored Google tokens.