Privacy Policy

This Privacy Policy explains how ZYLOX AI L.L.C-FZ, a company incorporated in the United Arab Emirates (Free Zone) with its registered office at Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E (“Zylox”, “we”, “us”, or “our”), collects, uses, and protects information when you use our website and platform.

1. Overview

Zylox is designed to provide AI capabilities while minimizing exposure of sensitive user data.

Our architecture focuses on:

- workspace isolation  
- client-side encryption  
- ephemeral AI processing environments  
- minimal plaintext data retention  

2. Data Controller and Processor Roles

Depending on how you use the Service:

- Zylox acts as a Data Controller for:

  - account information  
  - usage and technical metadata  

- Zylox acts as a Data Processor for:

  - user-uploaded documents  
 - prompts and queries  
- AI-generated outputs stored by the user  

Zylox processes user content only to provide the Service and in accordance with user instructions.

3. Information We Collect

Account Information

When you create an account, we may collect:

- name  
- email address  
- authentication identifiers  

Usage Information

We may collect metadata about platform usage, such as:

- timestamps of requests  
- system performance metrics  
- error logs  
- feature usage analytics  

User Content

Users may upload documents or prompts for AI processing.

These materials may be temporarily processed to generate responses.

4. How Information Is Used

We use collected information to:

- provide and operate the Service  
- authenticate users  
- process AI queries  
- improve reliability and performance  
- detect misuse or security threats  

5. Legal Basis for Processing (GDPR/UK GDPR)

Where applicable, we rely on the following legal bases:

- Contract: to provide the Service you request  
- Legitimate Interests: to maintain, secure, and improve the platform  
- Legal Obligations: to comply with applicable laws  

6. AI Processing

When users submit queries or upload documents:

- content may be processed in short-lived compute environments  
- relevant document fragments may be retrieved to generate responses  
- AI systems generate answers based on the provided content  

The system is designed so that plaintext data exists only temporarily during processing tasks.

7. No Human Review of User Content

Zylox is designed so that user content is not accessible to Zylox personnel in readable form.

Key characteristics of the system include:

- client-side encryption for stored data  
- ephemeral processing environments  
- no persistent plaintext storage  

As a result:

- Zylox personnel do not have routine access to user content  
- Zylox does not perform manual or human review of user content  
- stored interaction history is designed to be encrypted  

Zylox generally does not have the technical capability to access or recover user content stored within encrypted workspaces.

8. Zero-Knowledge System Design

Zylox uses a privacy-first architecture intended to minimize access to user data.

This includes:

- encrypted storage where Zylox does not hold decryption keys  
- client-side encryption capabilities  
- ephemeral AI processing  
- limited plaintext exposure  

Users are responsible for maintaining access to any encryption keys or credentials required to access their data.

9. Data Storage

Zylox aims to minimize the storage of readable user data.

Depending on system configuration:

- certain data may be encrypted before storage  
- embeddings may be stored to enable document retrieval  
- encrypted interaction history may be stored at the user’s request  

10. Security Measures

We implement technical safeguards including:

- encryption in transit  
- encrypted storage systems  
- workspace-level isolation  
- strict access controls  

Despite these safeguards, no system can guarantee absolute security.

11. Data Sharing and Subprocessors

Zylox does not sell user data.

We may share limited information with service providers that support our infrastructure and operations, including:

- cloud infrastructure providers (e.g. AWS)  
- authentication and database services (e.g. Firebase / Firestore)  
- payment processors (e.g. Stripe)  
- website analytics providers (e.g. Google Analytics, for website usage only)  

These providers process data only to deliver services on our behalf and under appropriate contractual safeguards.

12. Data Retention

We retain data only as long as necessary to provide the Service and operate the platform.

Retention decisions are based on:

- operational requirements  
- legal obligations  
- security considerations  

Due to our architecture:

- plaintext user content is not persistently stored  
- encrypted data may remain until deleted by the user  

Users may request deletion of their account and associated data.

13. User Rights

Depending on your jurisdiction, you may have rights to:

- access your data  
- correct inaccurate information  
- request deletion of your data  
- restrict or object to certain processing  

Requests may be submitted using the contact details below.

14. International Data Transfers

Zylox operates globally and may process data in jurisdictions outside your country of residence.

Where required, we use appropriate safeguards for international transfers, including:

- Standard Contractual Clauses (SCCs)  
- contractual protections with service providers  

15. Data Breach Notification

In the event of a data breach that affects your personal data, Zylox will take appropriate steps in accordance with applicable law, which may include notifying affected users and relevant authorities.

16. Cookies and Tracking Technologies

We use cookies and similar technologies on our website to:

- enable core functionality  
- understand website usage  

We use Google Analytics to analyze website traffic.

We do not use analytics to track user activity inside the Zylox application environment.

Users can control cookies through their browser settings.

17. Children’s Privacy

Zylox is not intended for individuals under the age of 16.
We do not knowingly collect personal data from children under 16.

18. Changes to This Policy

We may update this Privacy Policy periodically.
Updates will be posted with a revised effective date.

19. Contact

For privacy-related questions or requests:

ZYLOX AI L.L.C-FZ  
Meydan Grandstand, 6th floor  
Meydan Road, Nad Al Sheba  
Dubai, U.A.E  

Email: hello@zylox.ai  

Move your work into a private AI environment.

Set up your first workspace in minutes. No IT required. No data risk.

Get Started Free

Move your work into a private AI environment.

Set up your first workspace in minutes. No IT required. No data risk.

Get Started Free