Zentrova's Privacy Policy
Zentrova.ai is a product offered by Korekube LLC
Your Trust Matters
At Zentrova, trust isn't just part of our product — it's the foundation of everything we build. We take the responsibility of protecting your information seriously. This Privacy Statement explains how we collect, use, secure, and share your data with clarity and transparency, so you always know exactly what to expect from us.
1. Introduction
This Privacy Policy describes how Korekube LLC ("Korekube," "we," "us," or "our"), the operator of the Zentrova.ai platform, collects, uses, and protects personal information in connection with our AI-powered Security Trust Center and questionnaire automation services (the "Service").
Zentrova provides an AI-powered platform that helps organizations manage security compliance, automate questionnaire responses, and maintain security trust centers for vendor assessments and compliance reporting.
2. Our Role as Data Processor
Important: Zentrova acts as a data processor for most personal information processed through our Service.
This means:
- Your Organization (Client) is the data controller that determines what personal information is collected and how it's used
- Zentrova processes this information on behalf of your organization according to their instructions
- For data rights requests (access, deletion, correction, etc.), you should contact your organization's administrator first
3. Information We Process
3.1 Information Processed for Clients
When you use Zentrova through your organization, we process the following types of information on behalf of your organization:
Account Information:
- Name, email address, username, profile information
- Role and permissions within your organization
- Account preferences and settings
Compliance and Security Content:
- Security questionnaire responses and assessments
- Compliance documentation and certificates
- Security control implementations and evidence
- Vendor assessment data and risk ratings
- Trust center content and documentation
AI Processing Data:
- Document uploads for AI analysis and processing
- Questionnaire prompts and AI-generated responses
- Security framework mappings and recommendations
- Automated report generation inputs and outputs
Usage Information:
- Login times and activity logs
- Feature usage and interaction patterns
- Device and browser information
- IP addresses and location data
Additional Data Collection:
We reserve the right to collect additional categories of information as necessary to:
- Enhance platform functionality and user experience
- Improve platform features, performance, and accuracy
- Ensure platform security and fraud prevention
- Comply with legal and regulatory requirements
- Provide new features and services
When we collect new categories of information, we will update this Privacy Policy and notify organizational administrators as required by applicable law.
3.2 Information We Control
We act as a data controller for:
Service Administration:
- Billing and payment information for organizational accounts
- Support communications and tickets
- Legal compliance and security monitoring
Website Visitors:
- Basic analytics and website usage information
- Contact form submissions and demo requests
- Cookie data (see our Cookie Policy)
4. How We Use Information
4.1 As Data Processor
When acting as a data processor, we use personal information solely to:
- Provide the AI-powered Security Trust Center platform services
- Process and analyze security questionnaires and compliance documents
- Generate automated responses and reports using AI technology
- Maintain platform security and functionality
- Provide customer support as directed by your organization
- Comply with your organization's data processing instructions
4.2 As Data Controller
When acting as a data controller, we use information to:
- Process payments and manage subscriptions
- Provide customer support for administrative issues
- Comply with legal obligations
- Improve our services through analytics
- Send service-related communications
5. Information Sharing
5.1 Within Your Organization
Information processed for your organization is shared according to your organization's settings and permissions, including:
- Other members of your organization's compliance and security teams
- Administrators and users with appropriate permissions for security assessments
- Third-party integrations authorized by your organization for compliance workflows
5.2 Third-Party Service Providers
We may share information with trusted service providers who assist us in:
- Cloud hosting and infrastructure (e.g. Amazon Web Services)
- Payment processing
- Customer support tools
- Security and monitoring services
- Analytics and performance monitoring
- Code development and support third parties
Sub-Processors:
The following are key third-party service providers (sub-processors) that may process personal data on our behalf:
- Amazon Web Services (AWS) – Cloud infrastructure and storage
- Google – Cloud infrastructure and storage, AI and language model processing
- OpenAI – AI and language model processing
- Anthropic – AI and language model processing
- Freshworks – Customer support and engagement tools
We review our use of sub-processors and their security documentation, and take reasonable steps to ensure they apply appropriate technical and organizational measures to help safeguard personal data.
5.3 AI and Machine Learning
We may use AI technologies to enhance platform functionality, such as:
- Automated questionnaire completion and response generation
- Security framework mapping and compliance gap analysis
- Document analysis and evidence extraction
- Risk assessment and recommendation generation
- Content suggestions for trust center documentation
- Security contract redlining
Data Protection:
- Any information shared with AI providers is used solely for processing your requests and is not used to train their models.
- Inputs and outputs are not stored beyond the duration required to complete the task.
5.4 Legal Requirements
We may disclose information when required to:
- Comply with legal obligations
- Protect our rights and property
- Ensure platform security
- Respond to valid legal requests
6. Data Security
We implement comprehensive security measures, including:
- Encryption of data in transit and at rest
- Regular security audits and monitoring
- Access controls and authentication requirements
- Employee training on data protection
- Incident response procedures
7. Data Retention
AI inputs and AI-generated outputs are retained for no longer than 90 days and are deleted after the applicable retention period. Customers may also delete their content and AI-generated outputs at any time through the platform or by submitting a request to Zentrova.
Questionnaires and other files uploaded by users are retained for the duration of the customer's active contract, unless the customer deletes them earlier or requests their deletion. Upon termination or expiration of the contract, uploaded files are deleted in accordance with Zentrova's data-retention and deletion procedures, subject to any limited retention required by law, security, dispute-resolution, or backup-management obligations.
Administrative Data: We retain billing and administrative information for as long as necessary to provide services and comply with legal obligations.
Website Data: Analytics and website usage data is retained for up to 2 years.
8. International Data Transfers
Our primary data processing occurs in the United States through Amazon Web Services. We may also process data in other jurisdictions where our service providers operate, including India, for development and support services.
For transfers outside your region, we implement appropriate safeguards such as:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions
- Other approved transfer mechanisms
9. Your Rights
9.1 If You're an End User
For most data rights requests, contact your organization's administrator first. Your organization controls:
- Access to your personal information
- Correction of inaccurate information
- Deletion of your information
- Data portability
- Restriction of processing
9.2 If We Cannot Assist
If you contact us directly, we will:
- Redirect you to your organization's administrator
- Notify your organization of your request (unless prohibited by law)
- Assist your organization in responding to your request
9.3 Administrative Account Rights
For billing and administrative data we control, you may:
- Access your information
- Correct inaccuracies
- Request deletion (subject to legal retention requirements)
- Object to processing
- Withdraw consent where applicable
10. Contact Information
Data Protection Inquiries
Email: admin@zentrova.ai
Subject Line: "Privacy Inquiry - [Your Organization Name]"
Data Rights Requests
Email: admin@zentrova.ai
Subject Line: "Data Rights Request - [Your Organization Name]"
General Support
Email: admin@zentrova.ai
Platform: Submit a support ticket through the Zentrova platform
11. Cookie Policy
We use cookies and similar technologies to:
- Maintain your login session
- Remember your preferences
- Ensure security
You can control cookie settings through your browser, though some features may not function properly if cookies are disabled.
12. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or applicable laws. We will:
- Post the updated policy on our website
- Notify organizational administrators of material changes
- Update the effective date at the top of this policy
Continued use of the Service after changes indicates acceptance of the updated policy.
13. Compliance
This policy is designed to comply with applicable data protection laws including:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA/CPRA)
- Other applicable regional privacy laws
15. Client Responsibilities and Limitations
15.1 Client Data Upload Responsibilities
Clients are solely responsible for:
- Ensuring they have proper authorization to upload and process all data through the Zentrova platform
- Determining the appropriateness of data shared with our AI and processing systems
- Compliance with applicable laws regarding any sensitive, confidential, or regulated data they choose to upload
- Obtaining necessary consents from individuals whose personal data is processed through the platform
- Implementing appropriate data classification and handling procedures within their organization
15.2 Sensitive Data Disclaimer
Zentrova does not actively screen, filter, or block specific categories of data from being uploaded. While we implement robust security measures to protect all data on our platform, clients should exercise appropriate judgment regarding the types of data they upload.
Zentrova is not liable for any consequences arising from clients' decisions to upload sensitive, confidential, or regulated data, including but not limited to:
- Protected health information (PHI)
- Financial account numbers or payment card data
- Government-issued identification numbers
- Trade secrets or proprietary business information
- Data subject to specific regulatory requirements
15.3 Service Limitations
Zentrova provides AI-powered automation and assistance tools designed to enhance productivity. However:
- AI-generated responses should be reviewed by qualified personnel before external distribution
- Zentrova is not a substitute for professional legal, compliance, or security advice
- Clients remain responsible for the accuracy and appropriateness of all content shared externally
- Platform availability and performance may vary based on technical factors beyond our control