Zumik
Security & compliance

GDPR and CCPA

Data residency, the right to access, erasure, portability, and rectification, consent, the DPA and sub-processor list, and CCPA Do-Not-Sell and Global Privacy Control handling.

Zumik builds the regulated data flows into the platform: subject-rights requests run through real API endpoints, deletion produces a signed receipt, and the sub-processor list is machine-readable. This page covers GDPR and CCPA; for the broader posture see the security overview.

Data residency

Residency defaults to US regions. Enterprise customers can configure residency to the EU or other supported regions through project policy. Zumik does not process or store customer data outside the configured region without explicit consent. See regional policy for the routing controls that enforce this.

Data subject rights

Right to access and portability

POST /v2/data-exports assembles a machine-readable JSON bundle of everything Zumik retains for a project: account metadata, usage records, retained artifacts and sessions, provider and subscription credential metadata (never the secrets themselves), regional policy, retention profile, and the audit log. GET returns the export. The format is the same documented structured JSON used for portability, and access requests complete within 30 days.

curl -X POST https://api.zumik.ai/v2/data-exports \
  -H "Authorization: Bearer zk_live_..."
# => { "id": "dexp_...", "object": "data_export", "status": "completed", "format": "json", "data": { ... } }

Right to erasure

POST /v2/deletion-requests purges the project's retained data, increments the namespace generation so stale cache entries cannot be resurrected, and issues a signed receipt. The response reports counts of what was erased and what was retained, with the basis.

{
  "object": "deletion_request",
  "status": "completed",
  "erased": { "artifacts": 14, "sessions": 3, "usage_events": 920, "namespace_generation": 7 },
  "retained": { "billing_records": "retained for the legally-required tax period" },
  "guarantee": "verified_namespace_invalidation",
  "receipt_digest": "sig_..."
}

Billing records required for tax compliance are kept for the legally-required period and noted in the receipt rather than silently dropped. Everything else, artifacts, bundles, sessions, branches, usage events, agent hints, diagnostics, replay runs, and retained input items, is erased and the namespace generation is bumped.

Deleting your console account triggers the same erasure for any workspace you solely own, plus your own PII and auth material. Workspaces shared with others survive: you are removed, and if you were the only owner the longest-standing remaining member is promoted to owner.

Right to rectification

Account information such as name and email can be corrected through self-service flows with appropriate verification. OAuth sign-in proves control of the email and marks it verified.

Explicit consent is obtained for any non-essential processing. Tracing defaults to metadata only, with no prompt text retained, unless you explicitly opt into a tokenized or full-fidelity mode. Analytics consent defaults to off. Consent changes are written to the audit log.

DPA and sub-processors

A signed Data Processing Agreement template is available for enterprise customers. The sub-processor list is published and also served machine-readably at GET /v2/compliance/sub-processors, so the console and any integration read the same authoritative set. The current sub-processors:

Sub-processorPurposeRegion
StripeBilling, subscriptions, payment processingUS
CloudflareEdge TLS, WAF, DDoS protection, CDNGlobal edge
ResendTransactional email (verification, reset, alerts)US
NetCupOrigin compute hosting for API and consoleEU
OpenAI, Anthropic, Google (Gemini), xAI, Fireworks AIManaged model inferenceUS
OpenRouterEmergency outage-fallback inference only, gated by policyGlobal

CCPA specifics

Zumik does not sell personal information. The Do-Not-Sell signal is always honored regardless of any toggle, Global Privacy Control browser headers are honored at the edge, and a California Privacy Notice is maintained on the privacy policy page. Read or update per-project privacy preferences at GET/PUT /v2/compliance/privacy-preferences.

Where the data lives day to day

Trace modes, retention profiles, and the no-raw-prompt-logs default.

On this page