Zertru Logo
Legal Center

Privacy Policy

Last Updated: June 04, 2026

1. Introduction

At Zertru, we are committed to protecting the privacy of your data. As a zero-trust AI proxy service, our core mission is to help you build and scale with generative AI without compromising on privacy, security, or compliance.

This Privacy Policy describes how Zertru Inc. ("Zertru", "we", "us", or "our") collects, uses, and discloses information in connection with our website, APIs, proxy services, and developer platforms.

2. Zero-Trust Data Policy

By default, Zertru does not store prompt contents, requests, or model responses.

All AI request payloads (prompts and model outputs) passing through our SaaS cloud proxy are processed entirely in-memory, redacted in real time, and immediately forwarded to your target AI endpoint. Telemetry logs only capture request metadata (e.g., token counts, request duration, status codes, blocked flags) for billing and analytics dashboards.

If you explicitly enable full payload logging for compliance audit trails in your account dashboard, such data is encrypted at rest using AES-256 and subject to your configured retention policies. For self-hosted VPC deployments, no prompt data is ever sent to Zertru servers.

3. Information We Collect

We collect personal information necessary to deliver our services, manage accounts, and monitor developer platform health:

  • Account Details: Name, work email address, billing address, payment details, and organization name.
  • API Telemetry: Log and usage metrics, including latency, request volume, token counts, target models, and active policies.
  • Technical Info: IP addresses, browser types, and operating system details collected when accessing our dashboard.

4. PII Redaction & Data Processing

Our proxy inspects incoming payloads for Personally Identifiable Information (PII) and Protected Health Information (PHI). This processing uses local machine learning models and heuristics running on our edge servers. We redact names, emails, Social Security Numbers, credit cards, phone numbers, and custom patterns before forwarding the sanitized request to external LLM providers.

5. Data Sharing and Third Parties

We do not sell your personal data. We only share data with trusted third parties to provide our core services, such as payment processors (Stripe) and infrastructure providers (AWS). We only forward API requests to the LLM providers (e.g., OpenAI, Anthropic, Google) that you choose to configure in your proxy routes.

6. Security Compliance

We maintain a comprehensive security program designed to safeguard your information. Zertru is SOC2 Type II compliant and meets the technical safeguard requirements for HIPAA. All communication is encrypted using TLS 1.3 in transit, and all stored data is encrypted using AES-256 at rest.

7. Contact Information

If you have questions about this policy or our data practices, please contact us at:

Zertru Inc. Legal Department
Email: legal@zertru.com