Privacy & Compliance Codex

1. Introduction & Foundation

Introduction to the Codex

Welcome to Zen-Tech International. This document is not merely a privacy policy; it is the ultimate, legally binding Master Codex that dictates exactly how data is protected, processed, and weaponized against threats globally across our software ecosystems. We prioritize absolute data privacy combined with high-end, agentic AI performance to ensure total digital security.

Company Information & Standing

We are a registered MSME based in Thane, Maharashtra, India. Having entered our 4th operational year on March 13, 2026, we specialize in high-availability SaaS web platforms, secure medical ERP systems (such as ImpactOS), EdTech portals (Exam Master), media production (Zenteku), and autonomous AI-driven workflow tools. You can reach our Legal Division directly at zentechindiaofficial@gmail.com.

Core Definitions

Key definitions govern this text: an Account is your digital profile. A Tenant is a dedicated, isolated database silo created for a client organization. AI Conversation Data includes the queries you transmit to Sonam AI. An Organization Manager is the administrator overseeing an enterprise license.

Scope of the Privacy Policy

This Codex covers every single interaction, ping, and data transfer you have with Zen-Tech platforms. This includes our front-end web apps hosted on Vercel's edge network, our back-end relational databases managed via Supabase, API integrations, and physical biometric logins.

2. Comprehensive Information Collection

Personal & Identity Information

We operate strictly on a principle of "data minimization." If you create an account as an individual, we request only the bare minimum: your full legal name, a primary contact phone number, and a verified official email address to establish a cryptographic identity. We do not require your home address for standard usage.

Corporate & Business Verification

If you are an Organization Manager deploying our software, we collect your professional email, corporate phone number, company registration details, and tax identification numbers. This is legally required to manage your software license, provision internal users, and generate auditable tax invoices.

Hardware & Telemetry Data

Our servers record background technical metadata, including operating system configurations, browser engines, network latency speeds, and crash reports. We require this telemetry so our web applications can dynamically adjust UI components to fit your screen perfectly and to optimize server routing.

AI Conversational Memory

We securely commit the text prompts and contextual files you send to Sonam AI into your private, isolated database tenant. This is technically required so your AI assistant possesses "context window memory" to provide accurate, continuous answers across multiple days.

Security & Threat Logging

Every single time you authenticate, we automatically log your Internet Protocol (IP) address, session initiation microsecond, and any automated threat-blocks triggered. This is a non-negotiable security measure designed to stop botnets and malicious scripts from brute-forcing their way into your workspace.

3. How We Use Your Information

Legal Basis for Processing

Under strict international privacy frameworks (including GDPR, CCPA, and the DPDPA), we establish a concrete legal basis to process your data. This is founded on Contractual Necessity (providing the SaaS you bought) and Explicit Consent (when you actively grant us permissions like microphone access).

Operational Fulfillment

We utilize your collected data directly to render the platform services you pay for. This includes authenticating your secure sessions, routing API requests, matching database queries to your specific tenant silo, and delivering personalized AI inferences via the Sonam framework.

Security & Fraud Prevention

Zen-Tech has a legitimate interest in actively scanning network traffic and authentication logs to detect and neutralize cyber-attacks. We process metadata to detect anomaly patterns that indicate fraud, account takeovers, or coordinated DDoS events aiming to disrupt our shared architecture.

4. AI Services & Strict Data Processing

Advertising Technologies Prohibition

Your paid SaaS workspace is a sterile, ad-free environment. We explicitly ban the injection of Google AdSense, Facebook Meta Pixels, LinkedIn tracking codes, or any third-party ad-tech networks into our enterprise software. You pay for software; you are not the product being sold to advertisers.

Analytics Services Stance

We reject invasive third-party behavioral trackers like Google Analytics or Microsoft Clarity. Instead, we rely entirely on secure, first-party server logs hosted internally on Vercel and Supabase to monitor our software's heartbeat. Your mouse movements and keystrokes are not recorded by external entities.

User Generated Content & Uploaded Files

Any proprietary text, code snippets, structural models, or confidential documents you upload remain your exclusive intellectual property. Files uploaded for AI analysis are processed through our isolated RAG system and are never used to train foundational AI models outside of your specific tenant.

5. Data Storage & Security Architecture

Data Storage Architecture

All primary relational databases, user authentication credentials, and encrypted file blobs are housed within Supabase’s highly secure, enterprise-grade cloud infrastructures, which utilize battle-tested PostgreSQL databases isolated by strict Row Level Security (RLS) policies.

Data Retention Period

If you cancel your subscription or terminate your account, your data enters a mandatory cooling phase to prevent accidental loss from hasty decisions. Within exactly 90 days of cancellation, all associated personal data and vector embeddings are permanently, irreversibly destroyed.

Data Encryption & Security Measures

Your data is protected by End-to-End Encryption (E2EE). We utilize AES-256 standards while your data rests on our database storage arrays, and TLS 1.3 cryptographic protocols while your data travels across the public internet, ensuring complete transit security.

6. Third-Party Service Providers

Cloud Hosting Infrastructure

We utilize Vercel to power our front-end edge network. Vercel deploys our application code to server nodes located geographically closest to your physical location, ensuring our software loads instantly and securely across global jurisdictions.

Payment Processing Gateways

Razorpay serves as our exclusive, PCI-DSS compliant financial gateway for processing subscription fees and authorizing secure auto-pay mandates. Zen-Tech completely bypasses storing your credit card data; we only receive encrypted success/failure tokens.

Communication & SMTP Relays

For transactional email delivery (like password resets or MFA codes), we utilize highly secured third-party SMTP relays. These providers are bound by strict DPAs and are not permitted to read, harvest, or utilize the contents of the automated emails routed through their systems.

8. Universal Privacy Rights

Access & Data Portability

You possess the absolute right to request a comprehensive JSON or CSV summary of all your data residing on our servers. You may take this portable data to a competitor if you wish; Zen-Tech does not utilize vendor-lock mechanisms to trap your enterprise data.

Right to Correction & Deletion

You maintain the right to instantly fix incorrect profile details in your settings dashboard. Furthermore, you can trigger the permanent deletion of specific files, databases, or entire user accounts with automated execution systems that honor your deletion requests instantly.

Restriction of Processing

If there is an active legal dispute regarding the accuracy of your data or our right to process it, you can request a temporary freeze on data processing. During this freeze, your data remains safely stored but inaccessible to active application logic until the dispute is resolved.

Withdrawal of Consent

Any specific processing permission you previously grantedsuch as opting into marketing emails, beta feature telemetry, or localized AI trainingcan be revoked instantly. Withdrawing consent carries absolutely no retroactive penalties to your baseline service quality.

9. Account Management & Policies

Account Deletion Protocols

Initiating account deletion triggers our 90-day permanent erasure protocol. Manual deletion of specific database schemas on your own via developer tools will immediately break your software dependencies, and Zen-Tech assumes zero liability for software crashes resulting from self-inflicted data destruction.

Mandatory Breach Notification

In the highly rare event of a structural security failure on our end, Zen-Tech’s Cybersecurity Team will notify affected Organization Managers within 72 hours of discovery. We will detail the exact scope of the breach, the data compromised, and the immediate mitigation steps required.

Inactive Account Dormancy

For security and server optimization, free-tier accounts that remain entirely inactive for a continuous period of 12 months will be marked for dormancy deletion. We will dispatch three electronic warnings prior to purging an inactive account from our primary servers.

10. Sonam AI Rules & Privacy

AI Chat Privacy

Chats with Sonam AI are strictly confidential. Human administrators do not routinely read your chat logs. Prompts are automatically sanitized for malicious injection vectors (such as prompt injection attacks or hidden SQL commands) before being processed by the inference engine.

AI Model Improvement

We continuously refine Sonam AI using generalized interaction data, though users have an absolute right to opt out of this process via their dashboard. Note that AI systems are susceptible to cognitive variance ("hallucinations").

AI Usage Restrictions

Our engines feature hardcoded guardrails against generating illicit or highly dangerous content. Users are strictly prohibited from using Zen-Tech AI to generate malware, automate targeted harassment, or simulate unauthorized reverse connections outside of contracted security audits.

11. Tech Stack & Infrastructure Disclosures

Core Active Infrastructure

You interact with our core stack continuously. We explicitly utilize Supabase for secure relational databases and authentication. We use Cloudflare for DNS routing and edge caching. Razorpay handles global subscription billing, while Vercel executes our front-end hosting and serverless functions.

Optional Enterprise Integrations

OpenAI, Hugging Face, Google Gemini, and Anthropic APIs are supported only if clients explicitly request custom model deployments via a Bring-Your-Own-Key (BYOK) architecture, entering their own API keys into dedicated enterprise server nodes that we manage.

Prohibited Ad-Tech Technologies

To maintain our isolated security frameworks and prevent third-party tracking, we explicitly ban the integration of Firebase, Google Analytics, Microsoft Clarity, and standard Meta/Facebook tracking pixels from our core authenticated software environments.

12. Unauthorized Data Exfiltration & Breaches

Prohibition of Data Scraping

Unauthorized data extraction is considered a criminal cyber-felony. You are strictly forbidden from scraping, copying, or stealing data that does not belong to you using automated bots. Violating this breaches the Indian IT Act (Sec 43) and CFAA, resulting in immediate law enforcement involvement and civil litigation.

Liability for Data Leaks

If you intentionally leak another user's private data, sell access to your enterprise account, or give your login credentials to a hacker through extreme carelessness, you are solely responsible. Zen-Tech assumes zero liability for breaches caused by user malice or gross negligence.

Automated API Abuse & Bots

Attempting to circumvent our frontend interfaces to hammer our undocumented internal APIs with automated traffic is strictly prohibited. Such actions are classified as unauthorized infrastructure abuse and will trigger automated IP blacklisting and potential legal action for service disruption.

13. Access Control & Multi-Factor Authentication

Mandatory MFA Enforcement

Organization Managers are contractually obligated to enforce Two-Factor Authentication (MFA) across their tenant ecosystem. Failure to enforce MFA constitutes gross negligence. If a tenant is compromised due to a weak password and a lack of MFA, the user explicitly waives all rights to hold Zen-Tech liable.

Session Expiration Policies

To prevent unauthorized physical access to unattended terminals, all authenticated sessions feature an absolute timeout threshold. Sessions left entirely idle will be forcefully terminated, requiring re-authentication to re-enter the secure workspace.

Lost Authenticator Recovery

In the event a user loses access to their primary MFA device, Zen-Tech mandates a strict, multi-step identity verification process to recover the account. We will not bypass MFA requirements merely based on email requests; users must provide cryptographic backup codes generated at account creation.

14. Biometric Data & Zero-Knowledge Proofs

Zero-Knowledge Architecture

For systems utilizing facial recognition, fingerprint scanning, or WebAuthn passkeys, Zen-Tech utilizes Zero-Knowledge Proofs (ZKP) via FIDO2 standards. We do not save raw biometric templates on centralized servers; the actual biometric data stays trapped safely inside your personal hardware enclave.

Hardware-Backed Authentication

Our biometric integration strictly interfaces with the Secure Enclave (Apple) or Trusted Execution Environment (Android/Windows) on your device. When you authenticate, Zen-Tech only receives a mathematical cryptographic confirmation that a successful match occurred locally on your device.

Opt-in Consent Protocols

Biometric authentication is never forced. Users must explicitly opt-in and grant browser or operating system permissions to utilize biometric workflows. Users retain the absolute right to fall back to standard, high-entropy password authentication at any time.

15. Global Data Residency & Localization Framework

Default Edge Routing

By default, your data may traverse global CDNs and be stored in the United States, Europe, or India to optimize application speed. Our edge network automatically routes traffic to the nearest geographic node to ensure the lowest possible latency for enterprise execution.

Custom Localization Addendums

If local laws dictate data MUST stay inside your specific country, users must execute an Enterprise Data Localization Addendum. Users are solely responsible for ensuring their use of Zen-Tech complies with local data sovereignty laws (e.g., India's CERT-In directives).

Global CDN Caching Implications

Even under strict data localization frameworks, non-sensitive static assets (such as CSS files, logos, and UI JavaScript) will be cached globally on Edge networks. We guarantee that sensitive database payloads and PII will remain restricted to the designated national boundaries.

16. Sub-Processor Agreements & Third-Party Audits

Third-Party Audits and DPAs

We work with highly secure companies (sub-processors) to deliver our software, maintaining a strict Data Processing Agreement (DPA) with all of them. These DPAs legally bind the sub-processors to the exact same stringent privacy and security standards outlined in this Master Codex.

Notification of Vendor Changes

Zen-Tech reserves the right to onboard new sub-processors to enhance platform capabilities. However, we are legally bound to provide a 30-day electronic notice to all Organization Managers prior to routing any tenant data through a newly contracted third-party vendor.

Client Right to Object

The user's sole remedy for objecting to a new sub-processor is the termination of the SaaS agreement prior to the end of the notice period. Continued use of the platform following the 30-day window constitutes legally binding acceptance of the new vendor infrastructure.

17. API Security Rules & Rate Limiting

Key Custody and Financial Liability

API Secret Keys are equivalent to digital bearer bonds. You must keep your API keys safe. The user assumes absolute, non-transferable financial liability for all compute costs, token usage, and AI inference charges incurred via their API keys, regardless of whether the usage was authorized.

Hard Rate Limiting Protocols

Zen-Tech enforces hard API rate-limiting to protect server stability. Attempts to bypass these limits via IP rotation or distributed botnets will be classified as a Denial of Service (DoS) attack. Violators will face immediate prosecution as a cybercrime under applicable IT frameworks.

Automated Token Revocation

If our security scanners detect that your private API key has been accidentally published to a public repository (such as GitHub), our systems will automatically revoke the key and nullify its access immediately to prevent unauthorized financial exploitation of your account.

18. Vulnerability Disclosure & Authorized Audits (E-Hacking)

Rules of Engagement (RoE)

Unauthorized penetration testing, network auditing, reverse shells, or vulnerability scanning of Zen-Tech infrastructure is strictly prohibited unless explicitly bound by a mutually executed Rules of Engagement (RoE) contract signed by Zen-Tech’s legal team.

Prohibited Attack Vectors

Unauthorized use of tools like Nmap, Curl, Burp Suite, or Kali Linux suites against our domains without permission violates the CFAA. Violators will not be protected by "ethical hacker" defenses and will face immediate criminal prosecution and civil lawsuits for infrastructure disruption.

Safe Harbor & Bug Bounty

Security researchers who discover a vulnerability entirely by accident, without using prohibited aggressive scanning tools, and who report it privately to our security team, will be granted Safe Harbor. We may, at our sole discretion, offer a bounty reward for responsible disclosure.

19. Internal Employee Access Controls

Principle of Least Privilege (PoLP)

Zen-Tech enforces the Principle of Least Privilege for internal staff. Our employees cannot browse through your files. Internal access to production databases requires secure VPN tunneling and MFA. Only senior engineers are authorized to access tenant data strictly in response to support tickets.

Immutable Access Logging

Every internal administrative action taken by a Zen-Tech employee upon a client's tenant database is recorded in a cryptographically secured, append-only log. These logs cannot be altered or deleted by the employees themselves, ensuring total accountability for internal actions.

Employee Background Verification

All Zen-Tech employees with potential access to the production environment undergo rigorous background checks. Any employee caught violating access protocols to view client data for personal reasons will face immediate termination and criminal prosecution for corporate espionage.

20. Business Continuity & Disaster Recovery (BCP/DR)

Redundancy and Force Majeure

Zen-Tech maintains encrypted backups of data in multi-region redundancies to restore software in the event of hardware failure. However, the service is provided "As-Is". We explicitly disclaim liability for data loss resulting from Acts of God, warfare, or cloud provider failure (Force Majeure).

Recovery Time Objective (RTO)

In the event of a catastrophic regional failure, our engineering team targets a specific Recovery Time Objective to restore baseline functionality. However, this objective is an internal goal, not a legally binding Service Level Agreement (SLA) guarantee, unless explicitly contracted otherwise.

Client-Side Backup Obligations

Despite our robust internal redundancies, users are contractually obligated to maintain their own local, redundant copies of mission-critical data. Zen-Tech will not be held liable for business interruptions if the client failed to maintain independent backups of their operational files.

21. AI Ethics, Bias Mitigation, and Non-Discrimination

Algorithmic Fairness Strategies

While we strive for unbiased AI, learning models may occasionally generate incorrect, offensive, or biased outputs based on internet training data. Zen-Tech continually monitors model weights to suppress highly toxic inferences, but we cannot guarantee 100% sterile output in every edge case.

Liability for Automated Decisions

Zen-Tech disclaims all liability for discriminatory or hallucinatory outputs generated by Sonam AI. The user absorbs 100% of legal and financial liability for business, personal, or medical decisions enacted based on AI outputs without proper human verification.

Human-in-the-Loop (HITL) Requirements

Users are strictly prohibited from utilizing our AI for automated employment screening, credit scoring, or judicial sentencing. You must maintain a Human-in-the-Loop oversight mechanism when deploying AI for consequential decisions, as failing to do so violates international fairness laws.

22. Health & Medical Data Handling (ImpactOS)

BAA Requirements for PHI

Standard SaaS tiers are NOT HIPAA compliant by default. If you use our software (such as ImpactOS) to manage blood donations or clinic records, storing Protected Health Information (PHI) requires executing a separate Business Associate Agreement (BAA) with Zen-Tech beforehand.

Encryption of Health Records

Once a BAA is executed, all Electronic Medical Records (EMR) are subject to elevated field-level encryption. We ensure that patient diagnostic data is cryptographically separated from generalized tenant telemetry to meet extreme medical compliance standards globally.

Audit Trails for Medical Access

ImpactOS environments maintain an immutable audit trail detailing exactly which medical staff member accessed which patient record and at what time. Uploading medical data to non-BAA covered environments transfers all regulatory HIPAA violation fines directly to the offending user.

23. Educational Data (Exam Master)

FERPA and Student Consent

For educational tenants using portals like Exam Master, Zen-Tech acts solely as a Data Processor. The academic institution is the Data Controller and must ensure FERPA (USA) or equivalent domestic compliance regarding student consent before storing test scores or grades.

Proctoring Data Limitations

If anti-cheat proctoring features are enabled by an institution, Zen-Tech strictly processes the video or browser-lock telemetry only for the duration of the exam. We guarantee we will never sell student biometric data or utilize academic records for targeted advertising.

Automated Deletion of Academic Records

Zen-Tech will instantly comply with verified school administrator requests to purge student records upon graduation or transfer. However, we hold no liability if the educational institution itself fails to collect proper consent initially or fails to request deletion when legally required.

24. Media, Intellectual Property, and Film Production (Zenteku)

Copyright and DMCA Compliance

When you use our platforms to store raw film footage or scripts (such as for "Udaan" or "Nahee Subha"), your intellectual property remains 100% yours. Zen-Tech complies fully with the DMCA and will terminate accounts found to infringe on third-party IP without issuing refunds.

Pre-Release Media Security

We provide elevated, unlisted cloud storage for pre-release media assets. Zen-Tech waives all claims to copyright or distribution rights of user-uploaded media. We guarantee we will not leak your unreleased movies, protecting the integrity of your production house deliverables.

Waiver of Generative Training

We explicitly guarantee that unreleased media, scripts, and production files uploaded to Zenteku cloud storage will never be scraped by our internal systems to train generative video or text AI models without direct, explicitly signed contractual permission from the creator.

25. Internet of Things (IoT) & Edge Device Data

Telemetry and Device Security

IoT edge device telemetry (e.g., from smart scanners or biometric grips) is ingested strictly via encrypted MQTT or HTTPS protocols. We do not covertly activate devices to monitor locations. Zen-Tech is not liable for data breaches that occur locally due to outdated device firmware.

Firmware Update Obligations

The user assumes full responsibility for securing their physical hardware before it handshakes with Zen-Tech cloud nodes. Failing to apply security patches to edge devices creates a vulnerability outside of our control, for which the user assumes total liability.

Edge-to-Cloud Encryption Protocols

All data transmitted from an IoT device to the Zen-Tech central nervous system must utilize TLS authentication. We will automatically sever connections from legacy devices attempting to transmit plaintext payloads across our secured network boundaries.

26. Data Retention and Cryptographic Shredding

90-Day Erasure Protocol

When you delete an account, your files are not simply moved to a recycle bin. Zen-Tech executes Cryptographic Shredding on all expired tenant data. After a mandatory 90-day retention window, the data is marked for permanent, irreversible destruction.

Encryption Key Destruction

We achieve true erasure by intentionally deleting the master encryption keys associated with a tenant's database blob. Without the key, the remaining data on the disk becomes mathematically irretrievable ciphertext, rendering recovery impossible even by elite forensics teams.

Immutable Deletion Verification

Users must understand that once this 90-day window expires and cryptographic shredding occurs, Zen-Tech cannot restore the data under any legal, technical, or financial compulsion. The deletion is final, verified by our automated infrastructure logs.

27. Supply Chain Security and Vendor Risk Management

Rigorous Dependency Scanning

Software is built utilizing thousands of open-source code libraries. Zen-Tech employs rigorous, automated Dependency Scanning to actively monitor these libraries and patch known vulnerabilities the moment a CVE (Common Vulnerabilities and Exposures) report is published.

Zero-Day Risk Acknowledgment

In the event of a Zero-Day Supply Chain attack (e.g., malicious commits to an upstream open-source library before a patch exists), Zen-Tech disclaims liability for resulting downtime or data exfiltration, as this represents an unpredictable, systemic internet risk.

Open-Source Auditing Standards

We guarantee rapid incident response in the event of a supply chain compromise. We strictly audit our dependencies, removing libraries maintained by unknown or unverified developers to minimize the attack surface presented to our enterprise clientele.

28. Government Espionage and Warrant Canary Status

Cryptographic Warrant Canary

Zen-Tech maintains a cryptographic Warrant Canary. As of the Last Updated date of this policy, Zen-Tech has NOT been subjected to any secret FISA court orders, National Security Letters, or gag orders requiring the installation of surveillance backdoors.

Strict Backdoor Prohibition

We do not implement secret backdoors in our software for government, police, or intelligence agencies. We prioritize mathematically sound security architecture over state surveillance demands, ensuring our systems remain impenetrable to unauthorized mass data harvesting.

Subpoena Resistance Policies

If we are ever forced by a covert court order to compromise our encryption, we will signal this by failing to update our Canary, as legally permitted. We will aggressively fight overbroad subpoenas in court to protect the fundamental privacy rights of our global users.

29. Acceptable Use Policy (AUP) Integration

Strict Prohibited Activities

Do not use our software to do illegal things. Hosting malicious payloads, orchestrating botnets, cryptocurrency mining, harassment, or distributing illicit CSAM material will result in immediate, non-refundable account termination and permanent blacklisting.

Automated Content Hashing

Zen-Tech utilizes automated content hashing algorithms (such as PhotoDNA) to detect illegal payloads without human review. If these hashes match known databases of highly illicit material, the system will autonomously lock the tenant space.

Immediate Suspension Protocols

Upon detecting a severe violation of the Acceptable Use Policy, Zen-Tech will proactively report violators to Interpol, the FBI, and Indian Cyber Police without prior warning, handing over all relevant IP logs and account metadata for criminal prosecution.

30. Phishing, Spoofing, and Social Engineering Liabilities

User Liability for Social Engineering

Zen-Tech will never contact you requesting your password. Our infrastructure is technically immune to social engineering. If a user falls victim to a spear-phishing attack or vishing (voice phishing) and hands over their credentials, the user bears 100% of the liability for the breach.

Credential Stuffing Protection

While we deploy rate limits to prevent credential stuffing attacks, we cannot stop threat actors if you reuse passwords from other breached websites. Users must utilize unique, high-entropy passwords exclusively for their Zen-Tech enterprise accounts.

Zero-Trust Communication Standard

Zen-Tech will not reverse transactions or restore data deleted by threat actors utilizing validly obtained credentials. We operate on a Zero-Trust communication model; if a request comes from an authenticated session, the system executes it assuming it is legitimate.

31. Financial AI, Cryptocurrency, and Blockchain Limitations

Disclaimer of Fiduciary Duty

Zen-Tech AI is not a licensed financial fiduciary. Any algorithmic market analysis, tracking of Gold ETFs (such as Angel One), commodity predictions, or blockchain smart-contract generation provided by our software is strictly for educational and informational purposes.

Algorithmic Trading Risks

Users utilizing our API to route programmatic trading data must understand that market volatility is unpredictable. Any delay, latency spike, or AI cognitive error that results in a failed or unprofitable trade falls entirely outside our scope of operational liability.

Indemnification for Capital Loss

The user assumes all financial risk. We claim total indemnification against capital losses, SEC/SEBI regulatory actions, or crypto wallet draining resulting from your reliance on our software platforms or AI-generated financial insights.

32. Deepfakes & Synthetic Media Restrictions

Prohibition of Non-Consensual Media

The generation of non-consensual synthetic media ("deepfakes") depicting real individuals using our AI generators is a severe violation of this Codex. You may not utilize our platform to generate hyper-realistic portrayals of people without documented consent.

Invisible Cryptographic Watermarking

Zen-Tech reserves the right to implement invisible cryptographic watermarking and metadata tagging on all AI-generated media. This allows us to trace misuse back to the originating tenant if the media is utilized in a malicious or highly illegal context.

Severe Electoral Interference Bans

Users deploying synthetic media to scam individuals, defame public figures, commit financial fraud, or interfere with democratic elections will face immediate account termination and we will cooperate fully with law enforcement agencies globally to stop the threat.

33. Cross-Border Data Transfers (Schrems II & SCCs)

Standard Contractual Clauses (SCCs)

Following the Schrems II ruling, Zen-Tech relies strictly on Standard Contractual Clauses (SCCs) issued by the European Commission for data transfers outside the EEA. We guarantee that your data remains protected when routed to our servers in the US or India.

Transatlantic Encryption Protocols

To ensure compliance during transatlantic routing, we implement supplementary measures including advanced at-rest encryption and strict access controls. These protocols are specifically designed to prevent foreign intelligence agencies from accessing EU citizens' data.

Data Sovereign Safeguards

By maintaining these strict cryptographic barriers, we ensure full GDPR compliance even when data crosses borders. Organizations utilizing our software in highly regulated European zones can rely on these safeguards for their own regulatory compliance audits.

34. Digital Forensics and Evidence Preservation

Legal Hold Protocols

In the event of suspected criminal activity on our platform, Zen-Tech reserves the right to execute a Legal Hold. This action immediately freezes the tenant environment and overrides the standard 90-day deletion protocol, preventing the destruction of evidence.

Chain of Custody Preservation

Once a Legal Hold is active, we preserve server logs, IP addresses, and digital snapshots of database states to maintain a pristine Chain of Custody for digital forensics. This ensures the digital evidence remains untampered and admissible in a court of law.

Law Enforcement Cooperation Limitations

This forensic evidence will be held securely on cold-storage drives and surrendered exclusively under valid judicial warrants. We will not hand over preserved forensic snapshots based merely on informal requests from police officers without proper legal documentation.

35. Employee Termination Data Protocols

IAM Provisioning Responsibilities

Organization Managers bear sole fiduciary responsibility for provisioning and de-provisioning Identity Access Management (IAM) credentials for their staff. Managing who has access to the Zen-Tech dashboard within your company is entirely your administrative duty.

Post-Termination Access Risks

If an employee is terminated, it is the business owner's duty to revoke access immediately. Zen-Tech claims zero liability for data sabotage, corporate espionage, or IP theft committed by an angry terminated employee whose access was left active.

Instant Credential Revocation Enforcement

Our platform provides instantaneous revocation tools. The moment an Organization Manager revokes a user's license, all active session tokens for that user are immediately invalidated, instantly terminating their access to the enterprise workspace globally.

36. Lawful Interception and End-to-End Decryption

End-to-End Decryption Limitations

Where Zen-Tech provides specific client-side encryption architectures, the decryption keys reside solely with the user. Under such configurations, Zen-Tech does not possess a master key and is mathematically incapable of complying with lawful interception orders.

Inability to Surrender Plaintext

If subpoenaed by state authorities regarding a client utilizing client-side encryption, we will surrender the raw ciphertext as legally required. However, the burden of decryption falls entirely on the user or the state apparatus, as we cannot crack the encryption ourselves.

Jurisdictional Subpoena Scrutiny

Zen-Tech heavily scrutinizes all decryption requests to ensure they originate from a valid jurisdiction. We will actively refuse to assist in decrypting data requested by authoritarian regimes targeting journalists, activists, or political dissidents.

37. Automated Anti-DDoS and Traffic Null-Routing

Automated Edge Mitigation Protocols

Zen-Tech utilizes Cloudflare and Vercel edge networks for automated DDoS mitigation. Our systems instantly identify malicious traffic spikes and deploy intelligent CAPTCHA challenges and rate limits to block the attack without disrupting legitimate human users.

BGP Null-Routing Implementation

In the event of a volumetric attack (e.g., exceeding 100 Gbps) targeting a specific tenant that jeopardizes the shared infrastructure, Zen-Tech reserves the right to implement BGP null-routing (blackholing) against the targeted tenant to protect the rest of the network.

Shared Infrastructure Protection

We disclaim liability for downtime incurred by a targeted tenant during necessary defensive null-routing. Protecting the overarching integrity and uptime of the entire SaaS platform takes absolute precedence over the availability of a single attacked node.

38. Severability & Waiver Clause

Enforceability of Remaining Clauses

If any provision of this Codex is held by a court of competent jurisdiction to be invalid, illegal, or unenforceable, the remaining provisions shall remain in full force and effect. The invalidity of one specific rule does not collapse the entire legal framework.

Strict Non-Waiver of Rights

The failure of Zen-Tech to enforce any right or provision of this Codex at any specific time shall not constitute a waiver of such right or provision in the future. If we choose not to terminate an account for a minor infraction today, we retain the right to do so tomorrow.

Jurisdictional Adaptability

This Codex is designed to be globally adaptable. Should specific regional laws mandate alterations to certain clauses, those alterations will apply solely to users within that specific jurisdiction, leaving the core tenets of the document functionally intact globally.

39. Limitation of Liability and Extreme Indemnification

Absolute Limitation of Liability

To the maximum extent permitted by global law, Zen-Tech, its founders, and employees shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, data, goodwill, or business interruption.

Financial Cap on Damages

In no event shall Zen-Tech's aggregate liability exceed the total amount paid by the user to Zen-Tech in the twelve (12) months preceding the claim. We offer a high-availability software service, not a comprehensive business insurance policy.

User Defense and Indemnification Obligations

By utilizing our software architecture, the user agrees to fully indemnify, defend, and hold harmless Zen-Tech International against all lawsuits, claims, and legal fees arising from the user's direct breach of this Codex or misuse of the platform.