Privacy Policy

Last updated: March 31, 2026

I. Identity of the Data Controller

Zeuslock Corp, referred to as "Zeuslock", "we", "our" or "us", acting as Data Controller, solemnly affirms its commitment to ensuring the integrity, confidentiality and security of its users' personal data. This Privacy Policy governs the terms and conditions for collecting, using, storing and protecting your personal information in connection with the use of our data leak prevention (DLP) service for artificial intelligence services.

By using the platform, you unreservedly accept this Privacy Policy. We invite you to read it carefully before any use.

II. Collection and Categories of Personal Data

2.1. Data Subject to Processing

Within the strict framework of providing the SaaS solution, we are authorized to collect the following categories of data:

  • Identification and Account Data: Email address, organization name, and password (stored in secure hashed form).
  • Usage and Traceability Data: Connection logs, detailed statistics on service usage, and GPS geolocation data limited to the effective duration of the active session.
  • Security Incident Metadata: DLP alert metadata, including the type of data detected, the precise timestamp of the incident, and the URL involved.
  • Billing Data: Payment-related information, which is processed by our third-party service provider, Stripe.

2.2. Formal Exclusion Clause: Data NOT Collected

Unequivocal Declaration: Zeuslock Corp does not process, store or transmit the intrinsic content of your confidential or sensitive data unless expressly authorized by the User. Our software extension performs text analysis exclusively locally within your browser. Only anonymized incident metadata, strictly necessary for security notification purposes, is transmitted to our servers.

The following are not collected:

  • Your passwords, credit card numbers, or API keys.
  • The textual content of your exchanges with artificial intelligence (AI) services.
  • The content of files you may have uploaded.

III. Legal Bases and Purposes of Processing

Zeuslock Corp guarantees that all data processing is based on an explicit legal basis (Contract, Legitimate Interest, Legal Obligation, or Consent) and pursues a strictly defined purpose.

  • Performance of the Service Contract: This processing is strictly necessary for the provision and continuous improvement of the DLP protection service. It includes the creation and management of user accounts, subscription and billing management, and ensuring employee access to resources.
  • Legitimate Interest of Zeuslock Corp: This basis justifies the generation of statistics and reports for the dashboard, the establishment of security logging and auditing, the provision of customer support, as well as commercial prospecting for prospect data.
  • Legal Obligation: This processing is required for the production of exportable compliance reports, compliance with security and fraud detection obligations, and the obligation to respond to judicial requisitions or administrative orders.

IV. Legal Basis of Consent and Right of Withdrawal

4.1. Collection of Prior, Free and Unambiguous Consent

The processing of your personal data is based on the prior, free, specific, informed and unambiguous consent of the user in the following cases:

  • Commercial Partnerships: Data will only be transmitted to third-party commercial partners of Zeuslock Corp after obtaining your express consent.
  • Non-Essential Communications: For any communication regarding updates or offers that are not strictly essential to the operation of the service.

WARNING: The absence or withdrawal of consent in these specific cases shall have no impact on the provision of the main contractual DLP protection services.

4.2. Imprescriptible Right of Consent Withdrawal

The data subject has the absolute right to withdraw their consent at any time. This withdrawal shall take effect immediately and shall in no way affect the lawfulness of processing carried out prior to such withdrawal.

V. Legal Retention Periods and Archiving

Data is retained for the period strictly necessary for the purposes of processing, in strict compliance with the principle of minimization.

  • Active Account Data: Duration of the contractual relationship (necessary for the provision of services).
  • Post-Termination Account Data and Payment Records: Period of three (3) years after termination or registration (legal and tax obligations).
  • Connection Logs: Twelve (12) months (security, fraud detection and legal obligation).
  • GPS Geolocation Data: Limited to the duration of the active session (minimization of non-permanent collection).
  • Communication Data (Customer Service): Three (3) years after the closure of the request (customer relationship management and evidence preservation).
  • Prospect Data: Three (3) years after the last contact (legitimate interest for commercial prospecting, Article 6(1)(f) of the GDPR).

Upon expiration of these periods, Zeuslock Corp shall proceed with the permanent and irreversible deletion or technical anonymization of the relevant data, in accordance with prevailing technical standards.

VI. Security Measures and Hosting

6.1. Security Measures Implemented

Zeuslock Corp implements rigorous technical and organizational measures to ensure the integrity and confidentiality of data:

  • Encryption: Data encryption in transit (TLS 1.3) and at rest (AES-256).
  • Access Control: Secure authentication via AWS Cognito and strict application of the principle of least privilege.
  • Monitoring: Continuous monitoring and access logging for operational traceability.

6.2. Hosting Location and Primary Subprocessor (AWS)

Your data is hosted on highly secure Amazon Web Services (AWS) servers, our primary subprocessor.

  • Hosting Region: The entire Zeuslock infrastructure is hosted in the AWS Europe region (Paris, eu-west-3). All processing is carried out within the territory of the European Union.
  • Legal Basis for Transfer: Data transfer safeguards are ensured by the Standard Contractual Clauses (SCCs) of Decision 2021/914/EU, as well as compliance with the provisions of the Data Privacy Framework.

VII. Data Sharing, Disclosure and Subprocessing

We certify that Zeuslock Corp does not under any circumstances sell your personal data. Disclosure is limited to the following categories:

  • Service Providers and Technical Subprocessors: We engage rigorously selected subprocessors (notably AWS). These entities act exclusively on documented instructions from Zeuslock Corp and are contractually bound to guarantee a level of security and confidentiality equivalent to ours and compliant with the GDPR.
  • Commercial Partners: Transfer to commercial partners is strictly contingent upon obtaining the prior and express consent of the user.
  • Public Authorities and Legal Obligations: We are required to disclose data to competent authorities when imperatively required by law (judicial requisition, administrative order or declarative legal obligation).

VIII. Exercise of Data Subject Rights

Any person whose data is processed by Zeuslock Corp benefits from the following rights, in accordance with the GDPR:

  • Right of Access: Obtaining a copy of all processed data.
  • Right to Rectification: Correction of any inaccurate or incomplete data.
  • Right to Erasure: Request for data deletion (subject to legal retention obligations). Response time: 7 business days.
  • Right to Data Portability: Receipt of data in a structured, commonly used and machine-readable format. Response time: 7 business days.
  • Right to Object: Objection to processing based on legitimate interest. Response time: 7 business days.
  • Right to Restriction of Processing: Request for temporary suspension of processing. Response time: 7 business days.
  • Right to Withdraw Consent: Withdrawal at any time, without retroactive effect. Response time: Immediate.

To exercise these rights, contact Zeuslock Corp by email at security@zeuslock.ai or via the dedicated section on the Website. Zeuslock Corp undertakes to respond within a maximum period of seven (7) business days.

IX. Termination and Permanent Account Deletion

Any user has the complete freedom to unsubscribe at any time. They may also request the permanent and irreversible deletion of their account. This request results in:

  • The permanent and irreversible deletion of all of the user's personal data (excluding legal/tax exceptions).
  • The technical anonymization of data that cannot be deleted for legal or technical reasons.
  • The immediate and permanent loss of access to all services offered by the Application.

X. Final Provisions and Applicable Law

10.1. Cookie Policy

Our service exclusively uses cookies essential for the proper functioning of the platform (notably for authentication and user preferences). Preference cookies remember your personalized settings such as language, location or font size. Authentication cookies identify a user after login and maintain the active session.

We do not use any cookies for advertising or third-party tracking purposes.

10.2. Applicable Law and Dispute Resolution

This Privacy Policy is governed by and construed in accordance with United States law, while incorporating the provisions of the General Data Protection Regulation (GDPR) for users residing within the European Union. In the event of a dispute, the parties undertake to seek an amicable resolution as a priority. Failing this, any litigation shall be subject to the exclusive jurisdiction of United States courts.

10.3. Policy Revision

Zeuslock Corp reserves the right to modify this Policy at any time. In the event of substantial modifications, a notification shall be sent to users at least thirty (30) days before the effective date. Continued use of the Platform after such notification constitutes express acceptance of the new Policy.