Privacy Policy

Effective date: August 12, 2025

Plain‑English Summary We collect the minimum data needed to run Sanzen, deliver your sessions, and improve the product. You control what you share and how long we keep it. We don’t sell your data or use it for ads. This page explains the details and your rights.

Who we are (controller/processor)

Controller: Wakai Corporation (“Sanzen”), 30 N Gould St, Suite 5754, Sheridan, WY 82801, USA.

For individual accounts and our website, Sanzen is the controller. For enterprise customers, when we process workspace content under a contract, Sanzen is a processor on the customer’s instructions.

Questions? Email privacy@sanzen.ai.

Scope

This policy covers sanzen.ai websites, apps, and services (the “Services”). If a feature runs fully on your device with no network calls (“Local Mode”), only the Local Mode subsection applies to that feature.

Data we collect

1) Account & contact data

  • Identifiers: name, email, company, role; billing details for paid plans.
  • Communications: support messages, feedback, and metadata (timestamps, channels).

2) Session content you provide

  • Text you type or upload (docs, notes, transcripts), and optional integrations you connect (e.g., calendar, chat tools).
  • We treat this as confidential content and use it only to deliver the session and features you choose.

3) Technical & usage data

  • Device and network: IP address, approximate region, user‑agent, and basic diagnostics to keep the Service secure and reliable.
  • Product analytics: feature usage, performance, and error events. We do not collect keystroke‑level analytics.

4) Integration data (if you connect it)

We only pull the minimum scopes we need for the feature to work. You can disconnect integrations at any time.

5) Local Mode (if available)

Some features can run locally. In Local Mode, processing occurs on your device. We still may collect minimal telemetry (e.g., error counts) unless you disable diagnostics in settings.

How we use data (lawful bases)

Purposes

  • Deliver the Service (create accounts, run sessions, enable personas, integrations).
  • Security (detect abuse/fraud, protect accounts).
  • Product performance & analytics (fix bugs, improve UX, measure reliability).
  • Customer support & communications (respond to requests, service updates).
  • Compliance (tax, billing, legal obligations).

Lawful bases (EEA/UK)

  • Contract – to provide the Services you request.
  • Legitimate interests – security, product improvement, and minimal analytics (balanced against your rights).
  • Consent – optional features (e.g., connecting integrations, saving transcripts for reuse).
  • Legal obligation – tax, accounting, or requests from competent authorities.

We do not sell personal data and do not use it for cross‑context behavioral advertising.

Retention

  • Account data: kept while your account is active and for up to 24 months after closure (tax/records may require longer).
  • Session content: kept until you delete it or your workspace admin sets retention rules. You can delete items at any time.
  • Diagnostics & logs: security logs up to 30–180 days; aggregated analytics may be kept longer without identifiers.

Sharing & processors

We share personal data with third‑party processors that help us operate the Service (e.g., cloud hosting, model providers, email delivery). Processors may only use data per our instructions and must protect it.

  • Within Sanzen: limited access by staff with a need to know (least‑privilege).
  • Legal/safety: if required by law or to protect rights, safety, or the Service.
  • Business transfers: in a merger/acquisition, your data may transfer under this same policy.

We publish a current list of subprocessors at the bottom of this page when available.

International transfers

We may transfer data to the United States and other countries where we or our processors operate. When we transfer personal data from the EEA/UK, we rely on lawful mechanisms such as the EU Standard Contractual Clauses (and UK addendum as applicable).

Security

  • Encryption in transit (TLS 1.2+) and at rest (AES‑256 for supported storage).
  • Segregated environments, least‑privilege access, and audit logging for admin actions.
  • Secure development practices and vulnerability management.

No system is perfectly secure. If we learn of a breach affecting you, we’ll notify you and regulators when required.

Your rights

EEA/UK

You may request access, correction, deletion, restriction, portability, and objection to certain processing. You also have the right to lodge a complaint with your supervisory authority.

California (CPRA)

Residents may request access, deletion, correction, and information about disclosures. We do not “sell” or “share” personal information as defined by CPRA. You won’t be discriminated against for exercising rights.

Other US states

We honor applicable rights under state privacy laws (e.g., CO/CT/VA/UT). Contact us to exercise them.

To make a request, email privacy@sanzen.ai. We’ll verify identity and respond within the time required by law.

Cookies & tracking

Our website may use minimal, first‑party or self‑hosted analytics to measure performance and reliability without tracking you across sites. Product sessions do not use third‑party advertising cookies.

If we add cookies that require consent in your region, you’ll see a consent banner with options to accept or manage preferences.

Children’s privacy

Sanzen is built for adults. We do not knowingly collect personal data from children under 13. If you believe a child has provided data, contact us and we’ll delete it.

Changes to this policy

When we make material changes, we’ll update the date at the top and notify you via email or in‑product notice where appropriate.

Contact

Wakai Corporation (Sanzen)
30 N Gould St, Suite 5754, Sheridan, WY 82801, USA

Email: privacy@sanzen.ai

Subprocessors

We publish current subprocessors here. This section auto‑updates if you host /subprocessors.json.

Loading…

This policy explains our practices but isn’t legal advice.