Welcome to Zen-Tech International. This document is not merely a privacy policy; it is the ultimate, legally binding Master Codex that dictates exactly how data is protected, processed, and weaponized against threats globally across our software ecosystems. We prioritize absolute data privacy combined with high-end, agentic AI performance to ensure total digital security.
We are a registered MSME based in Thane, Maharashtra, India. Having entered our 4th operational year on March 13, 2026, we specialize in high-availability SaaS web platforms, secure medical ERP systems (such as ImpactOS), EdTech portals (Exam Master), media production (Zenteku), and autonomous AI-driven workflow tools. You can reach our Legal Division directly at zentechindiaofficial@gmail.com.
Key definitions govern this text: an Account is your digital profile. A Tenant is a dedicated, isolated database silo created for a client organization. AI Conversation Data includes the queries you transmit to Sonam AI. An Organization Manager is the administrator overseeing an enterprise license.
This Codex covers every single interaction, ping, and data transfer you have with Zen-Tech platforms. This includes our front-end web apps hosted on Vercel's edge network, our back-end relational databases managed via Supabase, API integrations, and physical biometric logins.
We operate strictly on a principle of "data minimization." If you create an account as an individual, we request only the bare minimum: your full legal name, a primary contact phone number, and a verified official email address to establish a cryptographic identity. We do not require your home address for standard usage.
If you are an Organization Manager deploying our software, we collect your professional email, corporate phone number, company registration details, and tax identification numbers. This is legally required to manage your software license, provision internal users, and generate auditable tax invoices.
Our servers record background technical metadata, including operating system configurations, browser engines, network latency speeds, and crash reports. We require this telemetry so our web applications can dynamically adjust UI components to fit your screen perfectly and to optimize server routing.
We securely commit the text prompts and contextual files you send to Sonam AI into your private, isolated database tenant. This is technically required so your AI assistant possesses "context window memory" to provide accurate, continuous answers across multiple days.
Every single time you authenticate, we automatically log your Internet Protocol (IP) address, session initiation microsecond, and any automated threat-blocks triggered. This is a non-negotiable security measure designed to stop botnets and malicious scripts from brute-forcing their way into your workspace.
Under strict international privacy frameworks (including GDPR, CCPA, and the DPDPA), we establish a concrete legal basis to process your data. This is founded on Contractual Necessity (providing the SaaS you bought) and Explicit Consent (when you actively grant us permissions like microphone access).
We utilize your collected data directly to render the platform services you pay for. This includes authenticating your secure sessions, routing API requests, matching database queries to your specific tenant silo, and delivering personalized AI inferences via the Sonam framework.
Zen-Tech has a legitimate interest in actively scanning network traffic and authentication logs to detect and neutralize cyber-attacks. We process metadata to detect anomaly patterns that indicate fraud, account takeovers, or coordinated DDoS events aiming to disrupt our shared architecture.
Your paid SaaS workspace is a sterile, ad-free environment. We explicitly ban the injection of Google AdSense, Facebook Meta Pixels, LinkedIn tracking codes, or any third-party ad-tech networks into our enterprise software. You pay for software; you are not the product being sold to advertisers.
We reject invasive third-party behavioral trackers like Google Analytics or Microsoft Clarity. Instead, we rely entirely on secure, first-party server logs hosted internally on Vercel and Supabase to monitor our software's heartbeat. Your mouse movements and keystrokes are not recorded by external entities.
Any proprietary text, code snippets, structural models, or confidential documents you upload remain your exclusive intellectual property. Files uploaded for AI analysis are processed through our isolated RAG system and are never used to train foundational AI models outside of your specific tenant.
All primary relational databases, user authentication credentials, and encrypted file blobs are housed within Supabase’s highly secure, enterprise-grade cloud infrastructures, which utilize battle-tested PostgreSQL databases isolated by strict Row Level Security (RLS) policies.
If you cancel your subscription or terminate your account, your data enters a mandatory cooling phase to prevent accidental loss from hasty decisions. Within exactly 90 days of cancellation, all associated personal data and vector embeddings are permanently, irreversibly destroyed.
Your data is protected by End-to-End Encryption (E2EE). We utilize AES-256 standards while your data rests on our database storage arrays, and TLS 1.3 cryptographic protocols while your data travels across the public internet, ensuring complete transit security.
We utilize Vercel to power our front-end edge network. Vercel deploys our application code to server nodes located geographically closest to your physical location, ensuring our software loads instantly and securely across global jurisdictions.
Razorpay serves as our exclusive, PCI-DSS compliant financial gateway for processing subscription fees and authorizing secure auto-pay mandates. Zen-Tech completely bypasses storing your credit card data; we only receive encrypted success/failure tokens.
For transactional email delivery (like password resets or MFA codes), we utilize highly secured third-party SMTP relays. These providers are bound by strict DPAs and are not permitted to read, harvest, or utilize the contents of the automated emails routed through their systems.
In the event of a merger, acquisition, or corporate restructuring of Zen-Tech International, your user data remains protected by the exact promises made in this Privacy Policy until you are explicitly notified otherwise and given a mandatory 30-day window to opt-out and delete your data.
Zen-Tech strictly scrutinizes all government, police, or judicial data requests. We will only comply with legally binding subpoenas issued by competent courts. Unless a legal gag order specifically prevents us from doing so, we will attempt to notify you via email before handing over any data.
Zen-Tech platforms are professional, enterprise-grade utilities. Children under the age of 18 are strictly, unequivocally prohibited from creating accounts. Any unauthorized minor accounts will be instantly deleted without warning or refund upon discovery.
You possess the absolute right to request a comprehensive JSON or CSV summary of all your data residing on our servers. You may take this portable data to a competitor if you wish; Zen-Tech does not utilize vendor-lock mechanisms to trap your enterprise data.
You maintain the right to instantly fix incorrect profile details in your settings dashboard. Furthermore, you can trigger the permanent deletion of specific files, databases, or entire user accounts with automated execution systems that honor your deletion requests instantly.
If there is an active legal dispute regarding the accuracy of your data or our right to process it, you can request a temporary freeze on data processing. During this freeze, your data remains safely stored but inaccessible to active application logic until the dispute is resolved.
Any specific processing permission you previously grantedsuch as opting into marketing emails, beta feature telemetry, or localized AI trainingcan be revoked instantly. Withdrawing consent carries absolutely no retroactive penalties to your baseline service quality.
Initiating account deletion triggers our 90-day permanent erasure protocol. Manual deletion of specific database schemas on your own via developer tools will immediately break your software dependencies, and Zen-Tech assumes zero liability for software crashes resulting from self-inflicted data destruction.
In the highly rare event of a structural security failure on our end, Zen-Tech’s Cybersecurity Team will notify affected Organization Managers within 72 hours of discovery. We will detail the exact scope of the breach, the data compromised, and the immediate mitigation steps required.
For security and server optimization, free-tier accounts that remain entirely inactive for a continuous period of 12 months will be marked for dormancy deletion. We will dispatch three electronic warnings prior to purging an inactive account from our primary servers.
Chats with Sonam AI are strictly confidential. Human administrators do not routinely read your chat logs. Prompts are automatically sanitized for malicious injection vectors (such as prompt injection attacks or hidden SQL commands) before being processed by the inference engine.
We continuously refine Sonam AI using generalized interaction data, though users have an absolute right to opt out of this process via their dashboard. Note that AI systems are susceptible to cognitive variance ("hallucinations").
Our engines feature hardcoded guardrails against generating illicit or highly dangerous content. Users are strictly prohibited from using Zen-Tech AI to generate malware, automate targeted harassment, or simulate unauthorized reverse connections outside of contracted security audits.
You interact with our core stack continuously. We explicitly utilize Supabase for secure relational databases and authentication. We use Cloudflare for DNS routing and edge caching. Razorpay handles global subscription billing, while Vercel executes our front-end hosting and serverless functions.
OpenAI, Hugging Face, Google Gemini, and Anthropic APIs are supported only if clients explicitly request custom model deployments via a Bring-Your-Own-Key (BYOK) architecture, entering their own API keys into dedicated enterprise server nodes that we manage.
To maintain our isolated security frameworks and prevent third-party tracking, we explicitly ban the integration of Firebase, Google Analytics, Microsoft Clarity, and standard Meta/Facebook tracking pixels from our core authenticated software environments.
Unauthorized data extraction is considered a criminal cyber-felony. You are strictly forbidden from scraping, copying, or stealing data that does not belong to you using automated bots. Violating this breaches the Indian IT Act (Sec 43) and CFAA, resulting in immediate law enforcement involvement and civil litigation.
If you intentionally leak another user's private data, sell access to your enterprise account, or give your login credentials to a hacker through extreme carelessness, you are solely responsible. Zen-Tech assumes zero liability for breaches caused by user malice or gross negligence.
Attempting to circumvent our frontend interfaces to hammer our undocumented internal APIs with automated traffic is strictly prohibited. Such actions are classified as unauthorized infrastructure abuse and will trigger automated IP blacklisting and potential legal action for service disruption.
Organization Managers are contractually obligated to enforce Two-Factor Authentication (MFA) across their tenant ecosystem. Failure to enforce MFA constitutes gross negligence. If a tenant is compromised due to a weak password and a lack of MFA, the user explicitly waives all rights to hold Zen-Tech liable.
To prevent unauthorized physical access to unattended terminals, all authenticated sessions feature an absolute timeout threshold. Sessions left entirely idle will be forcefully terminated, requiring re-authentication to re-enter the secure workspace.
In the event a user loses access to their primary MFA device, Zen-Tech mandates a strict, multi-step identity verification process to recover the account. We will not bypass MFA requirements merely based on email requests; users must provide cryptographic backup codes generated at account creation.
For systems utilizing facial recognition, fingerprint scanning, or WebAuthn passkeys, Zen-Tech utilizes Zero-Knowledge Proofs (ZKP) via FIDO2 standards. We do not save raw biometric templates on centralized servers; the actual biometric data stays trapped safely inside your personal hardware enclave.
Our biometric integration strictly interfaces with the Secure Enclave (Apple) or Trusted Execution Environment (Android/Windows) on your device. When you authenticate, Zen-Tech only receives a mathematical cryptographic confirmation that a successful match occurred locally on your device.
Biometric authentication is never forced. Users must explicitly opt-in and grant browser or operating system permissions to utilize biometric workflows. Users retain the absolute right to fall back to standard, high-entropy password authentication at any time.
By default, your data may traverse global CDNs and be stored in the United States, Europe, or India to optimize application speed. Our edge network automatically routes traffic to the nearest geographic node to ensure the lowest possible latency for enterprise execution.
If local laws dictate data MUST stay inside your specific country, users must execute an Enterprise Data Localization Addendum. Users are solely responsible for ensuring their use of Zen-Tech complies with local data sovereignty laws (e.g., India's CERT-In directives).
Even under strict data localization frameworks, non-sensitive static assets (such as CSS files, logos, and UI JavaScript) will be cached globally on Edge networks. We guarantee that sensitive database payloads and PII will remain restricted to the designated national boundaries.
We work with highly secure companies (sub-processors) to deliver our software, maintaining a strict Data Processing Agreement (DPA) with all of them. These DPAs legally bind the sub-processors to the exact same stringent privacy and security standards outlined in this Master Codex.
Zen-Tech reserves the right to onboard new sub-processors to enhance platform capabilities. However, we are legally bound to provide a 30-day electronic notice to all Organization Managers prior to routing any tenant data through a newly contracted third-party vendor.
The user's sole remedy for objecting to a new sub-processor is the termination of the SaaS agreement prior to the end of the notice period. Continued use of the platform following the 30-day window constitutes legally binding acceptance of the new vendor infrastructure.
API Secret Keys are equivalent to digital bearer bonds. You must keep your API keys safe. The user assumes absolute, non-transferable financial liability for all compute costs, token usage, and AI inference charges incurred via their API keys, regardless of whether the usage was authorized.
Zen-Tech enforces hard API rate-limiting to protect server stability. Attempts to bypass these limits via IP rotation or distributed botnets will be classified as a Denial of Service (DoS) attack. Violators will face immediate prosecution as a cybercrime under applicable IT frameworks.
If our security scanners detect that your private API key has been accidentally published to a public repository (such as GitHub), our systems will automatically revoke the key and nullify its access immediately to prevent unauthorized financial exploitation of your account.
Unauthorized penetration testing, network auditing, reverse shells, or vulnerability scanning of Zen-Tech infrastructure is strictly prohibited unless explicitly bound by a mutually executed Rules of Engagement (RoE) contract signed by Zen-Tech’s legal team.
Unauthorized use of tools like Nmap, Curl, Burp Suite, or Kali Linux suites against our domains without permission violates the CFAA. Violators will not be protected by "ethical hacker" defenses and will face immediate criminal prosecution and civil lawsuits for infrastructure disruption.
Security researchers who discover a vulnerability entirely by accident, without using prohibited aggressive scanning tools, and who report it privately to our security team, will be granted Safe Harbor. We may, at our sole discretion, offer a bounty reward for responsible disclosure.
Zen-Tech enforces the Principle of Least Privilege for internal staff. Our employees cannot browse through your files. Internal access to production databases requires secure VPN tunneling and MFA. Only senior engineers are authorized to access tenant data strictly in response to support tickets.
Every internal administrative action taken by a Zen-Tech employee upon a client's tenant database is recorded in a cryptographically secured, append-only log. These logs cannot be altered or deleted by the employees themselves, ensuring total accountability for internal actions.
All Zen-Tech employees with potential access to the production environment undergo rigorous background checks. Any employee caught violating access protocols to view client data for personal reasons will face immediate termination and criminal prosecution for corporate espionage.
Zen-Tech maintains encrypted backups of data in multi-region redundancies to restore software in the event of hardware failure. However, the service is provided "As-Is". We explicitly disclaim liability for data loss resulting from Acts of God, warfare, or cloud provider failure (Force Majeure).
In the event of a catastrophic regional failure, our engineering team targets a specific Recovery Time Objective to restore baseline functionality. However, this objective is an internal goal, not a legally binding Service Level Agreement (SLA) guarantee, unless explicitly contracted otherwise.
Despite our robust internal redundancies, users are contractually obligated to maintain their own local, redundant copies of mission-critical data. Zen-Tech will not be held liable for business interruptions if the client failed to maintain independent backups of their operational files.
While we strive for unbiased AI, learning models may occasionally generate incorrect, offensive, or biased outputs based on internet training data. Zen-Tech continually monitors model weights to suppress highly toxic inferences, but we cannot guarantee 100% sterile output in every edge case.
Zen-Tech disclaims all liability for discriminatory or hallucinatory outputs generated by Sonam AI. The user absorbs 100% of legal and financial liability for business, personal, or medical decisions enacted based on AI outputs without proper human verification.
Users are strictly prohibited from utilizing our AI for automated employment screening, credit scoring, or judicial sentencing. You must maintain a Human-in-the-Loop oversight mechanism when deploying AI for consequential decisions, as failing to do so violates international fairness laws.
Standard SaaS tiers are NOT HIPAA compliant by default. If you use our software (such as ImpactOS) to manage blood donations or clinic records, storing Protected Health Information (PHI) requires executing a separate Business Associate Agreement (BAA) with Zen-Tech beforehand.
Once a BAA is executed, all Electronic Medical Records (EMR) are subject to elevated field-level encryption. We ensure that patient diagnostic data is cryptographically separated from generalized tenant telemetry to meet extreme medical compliance standards globally.
ImpactOS environments maintain an immutable audit trail detailing exactly which medical staff member accessed which patient record and at what time. Uploading medical data to non-BAA covered environments transfers all regulatory HIPAA violation fines directly to the offending user.
For educational tenants using portals like Exam Master, Zen-Tech acts solely as a Data Processor. The academic institution is the Data Controller and must ensure FERPA (USA) or equivalent domestic compliance regarding student consent before storing test scores or grades.
If anti-cheat proctoring features are enabled by an institution, Zen-Tech strictly processes the video or browser-lock telemetry only for the duration of the exam. We guarantee we will never sell student biometric data or utilize academic records for targeted advertising.
Zen-Tech will instantly comply with verified school administrator requests to purge student records upon graduation or transfer. However, we hold no liability if the educational institution itself fails to collect proper consent initially or fails to request deletion when legally required.
When you use our platforms to store raw film footage or scripts (such as for "Udaan" or "Nahee Subha"), your intellectual property remains 100% yours. Zen-Tech complies fully with the DMCA and will terminate accounts found to infringe on third-party IP without issuing refunds.
We provide elevated, unlisted cloud storage for pre-release media assets. Zen-Tech waives all claims to copyright or distribution rights of user-uploaded media. We guarantee we will not leak your unreleased movies, protecting the integrity of your production house deliverables.
We explicitly guarantee that unreleased media, scripts, and production files uploaded to Zenteku cloud storage will never be scraped by our internal systems to train generative video or text AI models without direct, explicitly signed contractual permission from the creator.
IoT edge device telemetry (e.g., from smart scanners or biometric grips) is ingested strictly via encrypted MQTT or HTTPS protocols. We do not covertly activate devices to monitor locations. Zen-Tech is not liable for data breaches that occur locally due to outdated device firmware.
The user assumes full responsibility for securing their physical hardware before it handshakes with Zen-Tech cloud nodes. Failing to apply security patches to edge devices creates a vulnerability outside of our control, for which the user assumes total liability.
All data transmitted from an IoT device to the Zen-Tech central nervous system must utilize TLS authentication. We will automatically sever connections from legacy devices attempting to transmit plaintext payloads across our secured network boundaries.
When you delete an account, your files are not simply moved to a recycle bin. Zen-Tech executes Cryptographic Shredding on all expired tenant data. After a mandatory 90-day retention window, the data is marked for permanent, irreversible destruction.
We achieve true erasure by intentionally deleting the master encryption keys associated with a tenant's database blob. Without the key, the remaining data on the disk becomes mathematically irretrievable ciphertext, rendering recovery impossible even by elite forensics teams.
Users must understand that once this 90-day window expires and cryptographic shredding occurs, Zen-Tech cannot restore the data under any legal, technical, or financial compulsion. The deletion is final, verified by our automated infrastructure logs.
Software is built utilizing thousands of open-source code libraries. Zen-Tech employs rigorous, automated Dependency Scanning to actively monitor these libraries and patch known vulnerabilities the moment a CVE (Common Vulnerabilities and Exposures) report is published.
In the event of a Zero-Day Supply Chain attack (e.g., malicious commits to an upstream open-source library before a patch exists), Zen-Tech disclaims liability for resulting downtime or data exfiltration, as this represents an unpredictable, systemic internet risk.
We guarantee rapid incident response in the event of a supply chain compromise. We strictly audit our dependencies, removing libraries maintained by unknown or unverified developers to minimize the attack surface presented to our enterprise clientele.
Zen-Tech maintains a cryptographic Warrant Canary. As of the Last Updated date of this policy, Zen-Tech has NOT been subjected to any secret FISA court orders, National Security Letters, or gag orders requiring the installation of surveillance backdoors.
We do not implement secret backdoors in our software for government, police, or intelligence agencies. We prioritize mathematically sound security architecture over state surveillance demands, ensuring our systems remain impenetrable to unauthorized mass data harvesting.
If we are ever forced by a covert court order to compromise our encryption, we will signal this by failing to update our Canary, as legally permitted. We will aggressively fight overbroad subpoenas in court to protect the fundamental privacy rights of our global users.
Do not use our software to do illegal things. Hosting malicious payloads, orchestrating botnets, cryptocurrency mining, harassment, or distributing illicit CSAM material will result in immediate, non-refundable account termination and permanent blacklisting.
Zen-Tech utilizes automated content hashing algorithms (such as PhotoDNA) to detect illegal payloads without human review. If these hashes match known databases of highly illicit material, the system will autonomously lock the tenant space.
Upon detecting a severe violation of the Acceptable Use Policy, Zen-Tech will proactively report violators to Interpol, the FBI, and Indian Cyber Police without prior warning, handing over all relevant IP logs and account metadata for criminal prosecution.
Zen-Tech AI is not a licensed financial fiduciary. Any algorithmic market analysis, tracking of Gold ETFs (such as Angel One), commodity predictions, or blockchain smart-contract generation provided by our software is strictly for educational and informational purposes.
Users utilizing our API to route programmatic trading data must understand that market volatility is unpredictable. Any delay, latency spike, or AI cognitive error that results in a failed or unprofitable trade falls entirely outside our scope of operational liability.
The user assumes all financial risk. We claim total indemnification against capital losses, SEC/SEBI regulatory actions, or crypto wallet draining resulting from your reliance on our software platforms or AI-generated financial insights.
The generation of non-consensual synthetic media ("deepfakes") depicting real individuals using our AI generators is a severe violation of this Codex. You may not utilize our platform to generate hyper-realistic portrayals of people without documented consent.
Zen-Tech reserves the right to implement invisible cryptographic watermarking and metadata tagging on all AI-generated media. This allows us to trace misuse back to the originating tenant if the media is utilized in a malicious or highly illegal context.
Users deploying synthetic media to scam individuals, defame public figures, commit financial fraud, or interfere with democratic elections will face immediate account termination and we will cooperate fully with law enforcement agencies globally to stop the threat.
Following the Schrems II ruling, Zen-Tech relies strictly on Standard Contractual Clauses (SCCs) issued by the European Commission for data transfers outside the EEA. We guarantee that your data remains protected when routed to our servers in the US or India.
To ensure compliance during transatlantic routing, we implement supplementary measures including advanced at-rest encryption and strict access controls. These protocols are specifically designed to prevent foreign intelligence agencies from accessing EU citizens' data.
By maintaining these strict cryptographic barriers, we ensure full GDPR compliance even when data crosses borders. Organizations utilizing our software in highly regulated European zones can rely on these safeguards for their own regulatory compliance audits.
In the event of suspected criminal activity on our platform, Zen-Tech reserves the right to execute a Legal Hold. This action immediately freezes the tenant environment and overrides the standard 90-day deletion protocol, preventing the destruction of evidence.
Once a Legal Hold is active, we preserve server logs, IP addresses, and digital snapshots of database states to maintain a pristine Chain of Custody for digital forensics. This ensures the digital evidence remains untampered and admissible in a court of law.
This forensic evidence will be held securely on cold-storage drives and surrendered exclusively under valid judicial warrants. We will not hand over preserved forensic snapshots based merely on informal requests from police officers without proper legal documentation.
Organization Managers bear sole fiduciary responsibility for provisioning and de-provisioning Identity Access Management (IAM) credentials for their staff. Managing who has access to the Zen-Tech dashboard within your company is entirely your administrative duty.
If an employee is terminated, it is the business owner's duty to revoke access immediately. Zen-Tech claims zero liability for data sabotage, corporate espionage, or IP theft committed by an angry terminated employee whose access was left active.
Our platform provides instantaneous revocation tools. The moment an Organization Manager revokes a user's license, all active session tokens for that user are immediately invalidated, instantly terminating their access to the enterprise workspace globally.
Where Zen-Tech provides specific client-side encryption architectures, the decryption keys reside solely with the user. Under such configurations, Zen-Tech does not possess a master key and is mathematically incapable of complying with lawful interception orders.
If subpoenaed by state authorities regarding a client utilizing client-side encryption, we will surrender the raw ciphertext as legally required. However, the burden of decryption falls entirely on the user or the state apparatus, as we cannot crack the encryption ourselves.
Zen-Tech heavily scrutinizes all decryption requests to ensure they originate from a valid jurisdiction. We will actively refuse to assist in decrypting data requested by authoritarian regimes targeting journalists, activists, or political dissidents.
Zen-Tech utilizes Cloudflare and Vercel edge networks for automated DDoS mitigation. Our systems instantly identify malicious traffic spikes and deploy intelligent CAPTCHA challenges and rate limits to block the attack without disrupting legitimate human users.
In the event of a volumetric attack (e.g., exceeding 100 Gbps) targeting a specific tenant that jeopardizes the shared infrastructure, Zen-Tech reserves the right to implement BGP null-routing (blackholing) against the targeted tenant to protect the rest of the network.
We disclaim liability for downtime incurred by a targeted tenant during necessary defensive null-routing. Protecting the overarching integrity and uptime of the entire SaaS platform takes absolute precedence over the availability of a single attacked node.
If any provision of this Codex is held by a court of competent jurisdiction to be invalid, illegal, or unenforceable, the remaining provisions shall remain in full force and effect. The invalidity of one specific rule does not collapse the entire legal framework.
The failure of Zen-Tech to enforce any right or provision of this Codex at any specific time shall not constitute a waiver of such right or provision in the future. If we choose not to terminate an account for a minor infraction today, we retain the right to do so tomorrow.
This Codex is designed to be globally adaptable. Should specific regional laws mandate alterations to certain clauses, those alterations will apply solely to users within that specific jurisdiction, leaving the core tenets of the document functionally intact globally.
To the maximum extent permitted by global law, Zen-Tech, its founders, and employees shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, data, goodwill, or business interruption.
In no event shall Zen-Tech's aggregate liability exceed the total amount paid by the user to Zen-Tech in the twelve (12) months preceding the claim. We offer a high-availability software service, not a comprehensive business insurance policy.
By utilizing our software architecture, the user agrees to fully indemnify, defend, and hold harmless Zen-Tech International against all lawsuits, claims, and legal fees arising from the user's direct breach of this Codex or misuse of the platform.
30. Phishing, Spoofing, and Social Engineering Liabilities
User Liability for Social Engineering
Zen-Tech will never contact you requesting your password. Our infrastructure is technically immune to social engineering. If a user falls victim to a spear-phishing attack or vishing (voice phishing) and hands over their credentials, the user bears 100% of the liability for the breach.
Credential Stuffing Protection
While we deploy rate limits to prevent credential stuffing attacks, we cannot stop threat actors if you reuse passwords from other breached websites. Users must utilize unique, high-entropy passwords exclusively for their Zen-Tech enterprise accounts.
Zero-Trust Communication Standard
Zen-Tech will not reverse transactions or restore data deleted by threat actors utilizing validly obtained credentials. We operate on a Zero-Trust communication model; if a request comes from an authenticated session, the system executes it assuming it is legitimate.