Privacy Policy

    Last Updated: December 15, 2025

    Zivis, LLC ("Zivis," "we," "our," or "us") operates zivis.ai, including our business services and free online tools.

    This Privacy Policy explains how we collect, use, share, and protect information. It reflects our guiding principle:

    Your data is your data. We only use it with your knowledge and permission.

    By engaging with our website or services, you acknowledge this Policy. If you do not agree, please refrain from using our services.

    1. Scope & Purpose

    Business Services: We provide consulting, assessments, and AI trust readiness services. Data is used strictly to deliver contracted services and, if permitted, to contribute to anonymized benchmarking datasets.

    Free Online Tools: We provide free security, AI, and developer tools. Some tools process data entirely in your browser (client-side), while others require server-side processing. Data handling varies by tool as described below.

    2. Information We Collect

    From Business Clients (Zivis.ai):

    • Contact details (name, email, role, organization)
    • Engagement scope documents and communications
    • Technical/system data needed for assessments (e.g., architecture details, logs, reports)
    • Only information relevant to the engagement, as defined by contract

    From Free Tool Users:

    • Client-side tools (Base64, URL encode/decode, JWT decoder, JSON formatter, Hidden Unicode Detector, Output Leak Detector, MCP Permission Analyzer): Your data is processed entirely in your browser and is NOT transmitted to our servers
    • Server-side tools (DNS Lookup, DMARC/SPF/DKIM Checker, SSL Checker, AI Readiness Checker, Quantum Readiness Checker, AI Trust Assessment, Prompt Hardening Advisor): Domain names or URLs you submit are transmitted to our servers for processing
    • AI Trust Assessment: Assessment results (domain, scores, control statuses) may be stored to enable shareable reports and unlock features
    • Newsletter subscriptions: Email addresses provided for newsletter signup or to unlock premium features
    • Server logs: Standard web server logs including IP addresses, browser type, and timestamps (retained for security and operational purposes)

    Note: We do not collect or store the actual content you analyze with client-side tools. For server-side tools, we process only the domain/URL you provide—we do not access your systems or collect data beyond what is publicly available.

    3. How We Use Information

    Business Clients

    • Deliver contracted services and assessments
    • Produce trust reports and readiness evaluations
    • Communicate securely with client stakeholders
    • Improve methodologies in anonymized, aggregate form

    Free Tool Users

    • Perform the requested analysis and return results to you
    • Send requested communications (newsletters, if you opt in)
    • Improve tool functionality through aggregated, anonymized usage patterns
    • Maintain security and prevent abuse of our services
    • Generate anonymized, aggregate statistics about tool usage (e.g., most common issues detected)

    We never sell identifiable personal or organizational data.

    4. Core Data Principles

    • Consent First – Data use requires permission.
    • Limited Use – Data is only used for its stated purpose.
    • Transparency – We explain use at or before collection.
    • Control – You choose how your data may be included (private, anonymized, attributed).
    • Security – We safeguard all data with industry-standard protections.

    5. Aggregated & Anonymized Data

    Zivis may create aggregated, anonymized datasets from information collected through our business services and free tools. These datasets cannot reasonably be used to re-identify individuals or organizations.

    Potential Uses:

    • Internal research and service improvement
    • Benchmarking across sectors (e.g., average maturity scores, adoption trends)
    • Public reports on AI trust and governance
    • Licensed access or sale of anonymized insights to third parties (e.g., researchers, policymakers, businesses)

    Your Control:

    You will always be given options to:

    • Exclude your data from aggregation
    • Allow inclusion only for internal anonymized analysis
    • Allow inclusion in anonymized datasets that may be published or sold

    We will honor your preference. Identifiable information is never included in sold or shared datasets.

    6. Data Protection & Security

    • Encryption in transit and at rest
    • Role-based access controls
    • Secure credential handling and deletion after engagements
    • No training of AI models on client data

    Retention:

    • Business clients: typically 90 days post-engagement (unless otherwise agreed)
    • Free Tools: Server logs retained for up to 90 days; AI Trust Assessment results retained indefinitely to support shareable reports; newsletter subscriptions retained until you unsubscribe

    7. Use of AI in Operations

    We may use AI systems to support operations, such as:

    • Organizing or summarizing survey responses
    • Drafting reports or highlighting anomalies
    • Automating workflows for intake or communications

    Key Principles:

    • Always under human oversight
    • No training or fine-tuning on client data
    • Disclosure if third-party AI services are used
    • Strict limits to operational support, not decision-making

    8. Your Rights

    Depending on your jurisdiction, you may have rights to:

    • Access, correct, or delete your data
    • Restrict or object to processing
    • Data portability
    • Know what we collect and how it is used
    • Opt out of sale (we do not sell personal data; anonymized sale requires permission)
    • Non-discrimination for exercising your rights

    To exercise rights, contact us at privacy@zivis.ai.

    9. Third-Party Tools & Service Providers

    Business Services: Tools or APIs used during engagements are documented and require client approval.

    Free Tools: We use the following third-party services:

    • Microsoft Azure: Cloud infrastructure for hosting our tools and APIs, and for storing AI Trust Assessment results (Azure Table Storage). Data is processed in the United States.
    • Mailchimp: Email marketing platform for newsletter subscriptions. When you subscribe, your email address is shared with Mailchimp. See Mailchimp's Privacy Policy.
    • Visitor Analytics: We use analytics tools to better understand how visitors interact with our site. These tools may use IP address lookups to identify the organizations visiting our site (not individual users) to help us improve our services and understand our audience. This data is used for business development purposes and is not shared with third parties beyond the analytics providers.

    We do not use cross-site tracking or sell visitor data to third parties.

    10. Data Transfers

    Data may be stored and processed in the United States or other jurisdictions. Safeguards (such as Standard Contractual Clauses) are applied for international transfers.

    11. No Legal Advice

    Zivis is not a law firm. References to GDPR, HIPAA, NIST AI RMF, SOC 2, or other standards are for informational purposes only. Consult legal counsel for compliance.

    12. Changes to This Policy

    We may update this Policy to reflect operational, legal, or regulatory changes. Updates will be posted with a revised "Last Updated" date. Material changes will be communicated via appropriate channels.

    13. Contact

    For privacy questions or to exercise your rights:

    📧 privacy@zivis.ai
    🔑 PGP key available upon request for secure communication