Legal
Privacy Policy
Effective date: July 6, 2026 · Last updated: July 6, 2026
This Privacy Policy describes how ZTAI Security Advisors LLC (doing business as ZTAI.AI, "ZTAI," "we," "us," or "our"), a California limited liability company, collects, uses, discloses, and protects personal information — and your rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
1. Information We Collect
We collect personal information you provide directly when you submit our AI security assessment intake form. The categories of personal information we collect include:
- Identifiers — full name, work email address.
- Professional or employment-related information — company name, company website URL, description of your organization's AI architecture.
- Internet or network activity — IP address, browser type, pages visited, and time stamps collected automatically via server logs when you access ztai.ai.
We do not knowingly collect sensitive personal information (as defined under CPRA), financial information, precise geolocation data, or personal information from individuals under 16 years of age.
2. How We Use Your Information
We use the personal information we collect for the following business purposes:
- Processing and responding to your AI security assessment intake request.
- Conducting required Know Your Customer (KYC) and U.S. Export Control screening under the Export Administration Regulations (EAR) prior to any technical exchange.
- Communicating with you regarding your assessment, engagement scope, and follow-up.
- Improving our services and product roadmap based on client needs.
- Complying with applicable legal obligations.
We do not use personal information for automated decision-making that produces legal or similarly significant effects, and we do not sell or share personal information for cross-context behavioral advertising.
3. Disclosure of Your Information
We do not sell your personal information. We may share your information with:
- Service providers — third-party vendors who assist us in operating our website and delivering services (e.g., email delivery, form submission processing, hosting), bound by confidentiality obligations.
- Legal compliance — government authorities or other parties when required by law, court order, or to protect the rights and safety of ZTAI or others.
- Business transfers — in connection with a merger, acquisition, or sale of assets, subject to standard confidentiality protections.
We do not disclose personal information to third parties for their own marketing purposes.
4. Your Rights Under CCPA / CPRA
If you are a California resident, you have the following rights with respect to your personal information:
Right to Know
You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share it.
Right to Delete
You may request that we delete personal information we have collected about you, subject to certain exceptions (e.g., where retention is required to complete a transaction you requested or to comply with a legal obligation).
Right to Correct
You may request that we correct inaccurate personal information we maintain about you.
Right to Opt-Out of Sale or Sharing
We do not sell or share personal information as defined under CCPA/CPRA. No opt-out mechanism is required, but you may contact us to confirm this at any time.
Right to Limit Use of Sensitive Personal Information
We do not collect sensitive personal information beyond what is described in Section 1, and we do not use it for purposes beyond those permitted under CPRA.
Right to Non-Discrimination
We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny services, charge different prices, or provide a different level of service based on your exercise of these rights.
How to submit a request: To exercise any of the rights above, submit a verifiable consumer request by emailing privacy@ztai.ai with the subject line "CCPA Privacy Request." We will respond within 45 days. We may need to verify your identity before fulfilling your request.
5. Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this policy — typically the duration of an active client engagement plus a reasonable period thereafter — and as required to comply with legal obligations, resolve disputes, and enforce our agreements. Export control records are retained for the minimum period required by applicable regulations.
6. Security
We implement reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. As an AI security company, security is central to our operations. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
7. Third-Party Links
Our website may contain links to third-party websites (for example, aivss.owasp.org). We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.
8. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website after changes constitutes your acceptance of the updated policy.
9. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
ZTAI Security Advisors LLC (ZTAI.AI)
Privacy inquiries: privacy@ztai.ai
Website: ztai.ai
State of incorporation: California, United States