ZDRAVO
Security First

Your Data,
Protected

We take security seriously. Here's exactly how we protect your memories.

How Your Data Flows Through Zdravo

1. Browser: Click bookmarklet in ChatGPT/Claude/Cursor

2. TLS 1.3: Encrypted in transit to our servers

3. Storage: AES-256 encrypted at rest (Supabase)

4. Private AI: Embeddings on dedicated NucBox (never third-party)

Key Point: Your conversation content is processed on our private infrastructure (NucBox in Nuremberg). It never touches OpenAI, Anthropic, or any third-party AI provider for embeddings or search.

Encryption Standards

How your data is secured at every step

🔐 In Transit (TLS 1.3)

All data between your browser and our servers is encrypted using TLS 1.3, the latest version of the TLS protocol. This is the same standard used by banks and financial institutions.

🗄️ At Rest (AES-256)

Your memories are encrypted using AES-256 when stored in our database. This military-grade encryption ensures that even if someone gained access to our servers, they couldn't read your data without the encryption keys.

⚠️ Important Clarification

Server-side encryption: ZDRAVO uses server-side encryption (not end-to-end). This means we technically can access your data for operations like semantic search, auto-tagging, and generating summaries. We never do this except as required by law or to provide the service you requested.

Data Residency

Where your data lives

🇺🇸 United States

Primary data center: AWS US-East (N. Virginia). All data is stored here by default.

🇪🇺 EU Region (Coming Q2 2026)

GDPR-compliant EU data center option for Enterprise customers. Contact us for early access.

Compliance & Certifications

Our commitment to standards

✓ GDPR Compliant

Right to access, delete, and export your data. Data Processing Agreements available for Teams tier.

→ SOC 2 Type II (In Progress)

Audit in progress, expected Q2 2026. Contact us for status updates.

○ CCPA (In Progress)

California privacy compliance expected Q2 2026.

Privacy Policy

What we collect and why

We collect: Your saved conversations, email (for auth), usage analytics (anonymized), and payment info (via Stripe - we never see your card details).

We do NOT collect: Your browsing history outside AI platforms or personal identifiers beyond email. We do not sell any data to third parties.

Third parties: We use Supabase (database), Vercel (hosting), Stripe (payments), and private infrastructure for embeddings. Your conversation content never touches any third-party AI provider.

Read Full Privacy Policy →

Service Level Agreement

Our uptime commitment

99.9%

Monthly Uptime Guarantee

✓ Max 43 minutes downtime per month

✓ Real-time status: status.zdravoai.com

✓ Service credits if we fall short (Pro/Teams only)

✓ Incident response: <15 minutes during business hours

Questions about security?

Contact security@zdravoai.com