Privacy Policy

Your privacy and data security are fundamental to how we build and operate Myzel.

Last updated: September 23, 2025

Our Privacy Principles

EU Data Residency

All data is stored within the European Union and never leaves the EU.

Zero AI Training

Your data is never used to train AI models - it stays private to your organization.

Organization-Only Access

Only users within your organization can access your data.

GDPR Compliant

Enterprise-grade security with European data protection compliance.

1. Information We Collect

Account Information

When you create an account or join our waitlist, we collect:

  • Email address
  • Name (when provided)
  • Company information (when provided)
  • Authentication credentials (encrypted)

Connected Data Sources

When you connect external services, we may access:

  • Documents and files from connected platforms (Google Drive, Notion, Confluence, etc.)
  • Metadata such as file names, creation dates, and folder structures
  • User permissions and access controls from your connected services
  • Chat messages and communications (when explicitly connected)

Data Isolation: Your organization's data is completely isolated and only accessible to authorized users within your organization.

Usage and Analytics Data

To improve our service, we collect:

  • Usage patterns and feature interactions (via PostHog)
  • Website analytics (Google Analytics, LinkedIn Insight Tag)
  • Performance metrics and error logs
  • Device and browser information
  • IP addresses and location data (anonymized)

2. How We Use Your Information

Service Delivery

  • Process and analyze your connected data to provide AI-powered answers
  • Generate vector embeddings for semantic search within your organization
  • Maintain and update your knowledge base
  • Provide customer support

Product Improvement

  • Analyze aggregated, anonymized usage patterns
  • Monitor system performance and reliability
  • Develop new capabilities and integrations
  • Ensure security and prevent abuse

3. EU Data Residency & Protection

European Union Data Residency

Myzel is an EU-based company and all customer data is stored exclusively within European Union data centers. Your data never leaves the EU and is subject to the strictest European data protection standards.

Data Security

  • Data encrypted in transit (TLS 1.3)
  • Data encrypted at rest (AES-256)
  • EU-based secure data centers
  • GDPR-compliant infrastructure

Access Controls

  • Organization-isolated data access
  • Multi-factor authentication
  • Role-based permissions
  • Regular security audits

4. AI Processing & Data Privacy

Zero AI Training Commitment

We never use your data to train AI models. Your organization's data is processed solely to provide you with intelligent answers and remains completely private to your organization.

Private Processing

AI processing happens within your organization's isolated environment using EU-based infrastructure.

Vector Embeddings

Mathematical representations of your content are stored securely within the EU and remain private to your organization.

Source Attribution

All AI responses include citations linking back to your original sources for complete transparency.

No Model Training

Your data never contributes to training any AI models, public or private.

5. Data Access & Organization Isolation

Strict Access Controls

Organization-Only Access

Only authenticated users within your organization can access your data. There is no cross-organization data sharing or access.

Permission Inheritance

We respect and enforce all existing access permissions from your connected data sources.

Data Isolation

Each organization's data is completely isolated using technical and administrative safeguards.

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information or business data to third parties. Your data remains within the EU.

Limited data sharing may occur with:

  • EU Service Providers: Trusted EU-based partners who help us operate our service under strict data processing agreements
  • Legal Requirements: Only when required by EU law or to protect our rights and users' safety within EU jurisdiction
  • Business Transfers: In the unlikely event of a merger or acquisition, with continued EU data residency and privacy protection

AI Processing: All AI processing occurs within EU infrastructure. We do not share your data with external AI providers for training purposes.

7. Your GDPR Rights

Data Subject Rights

  • Right to access your personal data
  • Right to rectification (correct inaccurate data)
  • Right to erasure ("right to be forgotten")
  • Right to data portability
  • Right to restrict processing
  • Right to object to processing

Privacy Controls

  • Disconnect data sources anytime
  • Control which data is indexed
  • Manage user permissions within your organization
  • Request data deletion
  • Withdraw consent at any time
  • Receive data in portable format

8. Cookies and Tracking Technologies

We use cookies and similar technologies for:

Essential Cookies

Required for basic website functionality and security. Legal basis: Legitimate interest.

Analytics Cookies

Help us understand service usage (PostHog, Google Analytics). Legal basis: Consent.

Marketing Cookies

Used for advertising measurement and conversion tracking. Legal basis: Consent.

Preference Cookies

Remember your settings and preferences. Legal basis: Legitimate interest.

9. Data Retention

  • Account Data: Retained while your account is active and for up to 30 days after deletion for recovery purposes (EU-based storage).
  • Connected Data: Indexed content is retained as long as the data source is connected, and deleted within 7 days of disconnection.
  • Analytics Data: Aggregated analytics data is anonymized and retained according to GDPR requirements.

10. Legal Basis for Processing

Contract Performance

Processing necessary to provide our services:

  • Account management
  • Service delivery
  • Customer support

Legitimate Interest

For business operations that don't override your rights:

  • Service improvement
  • Security monitoring
  • Fraud prevention

11. Children's Privacy

Myzel is designed for business and enterprise use and is not intended for children under 16 years of age (or the applicable age of digital consent in your EU country). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable laws. When we make material changes affecting your rights, we will:

  • Post the updated policy on our website
  • Update the "Last updated" date
  • Notify you via email at least 30 days before changes take effect
  • Obtain new consent where required by GDPR

13. Contact Us

For questions about this Privacy Policy or to exercise your GDPR rights, please contact us:

Data Controller

Myzel Technologies Europe
[Your EU Business Address]
[City, Postal Code, Country]

Email: [email protected]

Privacy Inquiries

Email: [email protected]

GDPR Rights Requests: Please use the subject line "Privacy Request" and specify which right you wish to exercise.

Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data protection rights have been violated.