Privacy follows the actual deployment boundary.
A public summary of how the runtime-first product model affects data handling. The runtime runs in your infrastructure; the hosted console operates on account and operational metadata.
1. Roles and deployment model
When customers self-host the runtime, they control the environment where prompt and response content is evaluated. When Zitrino provides a hosted console, Zitrino acts as a service provider for the console surface while the customer remains responsible for the runtime they deploy.
2. Data categories
For the hosted console, the main categories are account data, organization metadata, operational trace metadata, support communications, and billing or contract records where applicable. The Growth operating model uses metadata-first visibility by default - traces record identifiers, policy decisions, detector summaries, and latency rather than storing full prompt or response bodies.
3. Runtime content boundary
The runtime processes prompts, outputs, and tool payloads inside customer infrastructure. Customers are responsible for the policies, retention rules, and logs they configure in their own environment.
4. Retention and deletion
Retention depends on the deployment model and commercial agreement. Self-hosted customers control retention in their own infrastructure. Hosted-console data is retained according to product defaults, configuration, and contractual commitments, then deleted or returned according to the applicable agreement.
5. Security and transfers
The service is designed around enterprise security controls and deployment choices. External certifications and attestations are issued separately when available - none are implied by this page. International transfers, subprocessors, and regional hosting details are covered in commercial documentation and executed agreements where required.
Contact
For privacy questions, contact privacy@zitrino.com.