GDPR and CCPA
Data residency, the right to access, erasure, portability, and rectification, consent, the DPA and sub-processor list, and CCPA Do-Not-Sell and Global Privacy Control handling.
Zumik builds the regulated data flows into the platform: subject-rights requests run through real API endpoints, deletion produces a signed receipt, and the sub-processor list is machine-readable. This page covers GDPR and CCPA; for the broader posture see the security overview.
Data residency
Residency defaults to US regions. Enterprise customers can configure residency to the EU or other supported regions through project policy. Zumik does not process or store customer data outside the configured region without explicit consent. See regional policy for the routing controls that enforce this.
Data subject rights
Right to access and portability
POST /v2/data-exports assembles a machine-readable JSON bundle of everything Zumik retains for a project: account metadata, usage records, retained artifacts and sessions, provider and subscription credential metadata (never the secrets themselves), regional policy, retention profile, and the audit log. GET returns the export. The format is the same documented structured JSON used for portability, and access requests complete within 30 days.
curl -X POST https://api.zumik.ai/v2/data-exports \
-H "Authorization: Bearer zk_live_..."
# => { "id": "dexp_...", "object": "data_export", "status": "completed", "format": "json", "data": { ... } }Right to erasure
POST /v2/deletion-requests purges the project's retained data, increments the namespace generation so stale cache entries cannot be resurrected, and issues a signed receipt. The response reports counts of what was erased and what was retained, with the basis.
{
"object": "deletion_request",
"status": "completed",
"erased": { "artifacts": 14, "sessions": 3, "usage_events": 920, "namespace_generation": 7 },
"retained": { "billing_records": "retained for the legally-required tax period" },
"guarantee": "verified_namespace_invalidation",
"receipt_digest": "sig_..."
}Billing records required for tax compliance are kept for the legally-required period and noted in the receipt rather than silently dropped. Everything else, artifacts, bundles, sessions, branches, usage events, agent hints, diagnostics, replay runs, and retained input items, is erased and the namespace generation is bumped.
Deleting your console account triggers the same erasure for any workspace you solely own, plus your own PII and auth material. Workspaces shared with others survive: you are removed, and if you were the only owner the longest-standing remaining member is promoted to owner.
Right to rectification
Account information such as name and email can be corrected through self-service flows with appropriate verification. OAuth sign-in proves control of the email and marks it verified.
Consent
Explicit consent is obtained for any non-essential processing. Tracing defaults to metadata only, with no prompt text retained, unless you explicitly opt into a tokenized or full-fidelity mode. Analytics consent defaults to off. Consent changes are written to the audit log.
DPA and sub-processors
A signed Data Processing Agreement template is available for enterprise customers. The sub-processor list is published and also served machine-readably at GET /v2/compliance/sub-processors, so the console and any integration read the same authoritative set. The current sub-processors:
| Sub-processor | Purpose | Region |
|---|---|---|
| Stripe | Billing, subscriptions, payment processing | US |
| Cloudflare | Edge TLS, WAF, DDoS protection, CDN | Global edge |
| Resend | Transactional email (verification, reset, alerts) | US |
| NetCup | Origin compute hosting for API and console | EU |
| OpenAI, Anthropic, Google (Gemini), xAI, Fireworks AI | Managed model inference | US |
| OpenRouter | Emergency outage-fallback inference only, gated by policy | Global |
CCPA specifics
Zumik does not sell personal information. The Do-Not-Sell signal is always honored regardless of any toggle, Global Privacy Control browser headers are honored at the edge, and a California Privacy Notice is maintained on the privacy policy page. Read or update per-project privacy preferences at GET/PUT /v2/compliance/privacy-preferences.
Where the data lives day to day
Trace modes, retention profiles, and the no-raw-prompt-logs default.
Data privacy and retention
Metadata-only tracing by default, the trace privacy modes, retention profiles, encryption in transit and at rest, and no raw prompt logs.
Vulnerability checklist
The vulnerability classes Zumik continuously verifies as absent across every service, deployment, and dependency, as a reference for security reviews, pen-test scope, and automated scanning.