Security is the baseline, not a paid add-on.
Zumik collects the minimum data needed to operate the platform, defaults to metadata-only tracing, and is explicit about retention, routing, and deletion. We would rather state the strongest honest guarantee than market a vague one.
Tenant isolation
Every artifact, session, and cache namespace is scoped to a tenant. Internal fingerprints are HMAC-keyed per tenant, and rotating a key intentionally breaks equality linkage across systems.
Metadata-first tracing
The default trace mode stores timing, lineage, fingerprints, and usage - not raw prompts. Tokenized and encrypted full-fidelity modes are opt-in, per project.
Opaque handles
Public ids (art_, bnd_, ses_…) are random. We never expose raw content hashes, so leaked ids cannot reveal equality relationships or resurrect stale cache entries.
Layered rate limits
Limits apply at the gateway, project, and key level so one workload cannot starve another or be used to probe another tenant.
Supply-chain integrity
Dependencies are pinned and reviewed. We treat hallucinated-package and slopsquatting risks as real and verify every package against its registry.
Purge evidence
Delete revokes access; purge removes data and emits a receipt stating the strongest guarantee a profile can actually prove, plus any remaining retention window.
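A minimal sketch of the per-tenant HMAC fingerprints and random public ids described above, added here as an illustration and not Zumik's own code. `HandleStore`, its methods, and the in-memory key storage are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

def fingerprint(tenant_key: bytes, content: bytes) -> str:
    """Keyed fingerprint: equality only holds under the same tenant key."""
    return hmac.new(tenant_key, content, hashlib.sha256).hexdigest()

class HandleStore:
    """Hypothetical store mapping random public ids to (tenant, fingerprint)."""

    def __init__(self):
        self._keys = {}     # tenant id -> current HMAC key
        self._handles = {}  # public handle -> (tenant id, internal fingerprint)

    def rotate_key(self, tenant: str) -> None:
        # A fresh key means new fingerprints no longer equal old ones.
        self._keys[tenant] = secrets.token_bytes(32)

    def put(self, tenant: str, content: bytes, prefix: str = "art_") -> str:
        fp = fingerprint(self._keys[tenant], content)
        handle = prefix + secrets.token_urlsafe(16)  # random, not a content hash
        self._handles[handle] = (tenant, fp)
        return handle

    def resolve(self, tenant: str, handle: str):
        """Return the internal fingerprint only to the owning tenant."""
        owner, fp = self._handles.get(handle, (None, None))
        return fp if owner == tenant else None

def demo() -> dict:
    store = HandleStore()
    for tenant in ("tenant-a", "tenant-b"):
        store.rotate_key(tenant)
    prompt = b"constructed sample prompt"  # constructed input
    a1, a2 = store.put("tenant-a", prompt), store.put("tenant-a", prompt)
    b1 = store.put("tenant-b", prompt)
    before = store.resolve("tenant-a", a1)
    store.rotate_key("tenant-a")
    a3 = store.put("tenant-a", prompt)
    return {
        "handles_differ": a1 != a2,  # ids leak no equality
        "same_tenant_match": before == store.resolve("tenant-a", a2),
        "cross_tenant_match": before == store.resolve("tenant-b", b1),
        "cross_tenant_read": store.resolve("tenant-b", a1),
        "match_after_rotation": before == store.resolve("tenant-a", a3),
    }
```

Identical content gets distinct handles, matches only within one tenant's key, and stops matching once that key is rotated.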
You decide how much a trace remembers.
| Mode | Stores | Use when |
|---|---|---|
| metadata | Timing, lineage, fingerprints, usage | Default. Diagnostics and routing without raw content. |
| tokenized | Token ids for reuse analysis | Deeper reuse debugging on a consenting project. |
| encrypted_full_fidelity | Encrypted raw content | Full replay fidelity where policy explicitly allows it. |
If you do nothing, Zumik runs in metadata mode. Raw prompt retention is always an explicit, per-project decision - never a silent default.
Least privilege for autonomous agents.
Agent rule files are treated as security-sensitive configuration: version-controlled and reviewed. Agentic sessions run with constrained permissions, and controlled friction is added at critical checkpoints - production execution, deletion, and infrastructure changes - so an agent cannot escalate beyond its intended scope.
The documents your reviewers will ask for.
Review the terms, privacy policy, cookie policy, sub-processor list, and DPA overview before production onboarding.
What we promise, in plain terms.
Trust is earned with specifics, not slogans. These are commitments we hold ourselves to, and we will tell you when we cannot meet them.
Metadata by default
We store request metadata, not your prompt content, unless you explicitly turn on a content trace mode for a project.
No training on your content
We never use the content of your inputs or outputs to train third-party foundation models, and we never sell personal data.
Honest guarantees
We state the strongest deletion and reuse guarantee a profile can actually prove, with an evidence level attached - never a vague claim.
Sub-processors disclosed
Our sub-processor list is public, and we give advance notice before adding a new one so you can object.
Incidents posted first
When something breaks, we post it on status.zumik.ai and write up resolved incidents rather than quietly closing them.
Your data, your exit
You can export or delete your data at any time, and a purge returns a signed receipt describing exactly what was removed.
Security and privacy, answered.
Does Zumik store my prompts?
Not by default. The default trace mode is metadata-only: timing, lineage, fingerprints, and usage. Storing raw prompts requires explicitly choosing tokenized or encrypted full-fidelity tracing at the project level.
How is one tenant isolated from another?
State, cache namespaces, and fingerprints are tenant-scoped. Fingerprints use per-tenant HMAC keys, public handles are opaque, and rate limits are layered so cross-tenant probing and starvation are prevented.
What is the difference between delete and purge?
Delete revokes a handle so it can no longer be used. Purge removes the underlying state and returns a signed receipt with profile-specific evidence. On BYOC profiles, purge evidence can be runtime-confirmed.
Can I keep data in a specific region or under my own keys?
Yes. BYOK keeps the provider relationship and retention under your account. BYOC keeps the data plane in your cloud with regional isolation and private networking. Both are scoped by policy.
Request the security and compliance packet
Metadata-first defaults, opaque handles, and profile-specific purge evidence. Email us for the security packet.