Trust Center

Security and Compliance

zizka.ai is designed with security, data protection, and regulatory compliance as core requirements. The system architecture enforces strict separation between artificial intelligence components, user data, backend infrastructure, and third-party tools.

Security by Design

Security is built into the platform from the beginning rather than added later. All components operate with minimal privileges and clearly defined access boundaries. No system component is trusted implicitly, and every interaction follows explicit rules and validation steps.

Data access within zizka.ai is tightly controlled. Artificial intelligence models do not have direct access to backend services, databases, or third-party tool credentials. All execution is handled exclusively by backend services that validate and control every action.

Data Privacy & AI Constraints

Artificial intelligence models only receive data that is explicitly passed to them by the backend or data that is already visible in the frontend user interface. There is no hidden or implicit data sharing.

zizka.ai follows a constrained agentic model for artificial intelligence. AI is used to translate user intent into structured commands and to analyze data that has already been retrieved by the backend. AI does not modify system state, access infrastructure, or make execution decisions autonomously.

We have legally binding agreements with our AI and vector-database providers (OpenAI, Pinecone) under which they do not extract, use for training, or retain your data beyond the processing we instruct. No data is shared with them for any purpose other than providing the service.

Infrastructure & Compliance

The infrastructure for zizka.ai is hosted on AWS using industry-standard security practices. Access to cloud resources is restricted to authorized personnel, and encryption and access control mechanisms are applied consistently.

zizka.ai is designed in alignment with the EU AI Act. We are classified as a Limited Risk system (Article 52). Our current EU AI Act alignment is approximately 92%: transparency, human oversight, data minimisation, incident logging, GDPR rights, and contractual commitments with sub-processors (no extraction or training on your data) are in place.

In summary, zizka.ai is built to meet the expectations of security-conscious founders, enterprises, and regulators. The platform prioritizes control, transparency, and accountability over novelty or unchecked automation.