EU-hosted by default. Your LLM keys, your data. GDPR DPA on plan upgrade.
Production data is hosted in Azure West Europe. Your data does not leave the EU under the standard SMB plan. Self-hosted Docker Compose stack is available on the Business plan for customers that need it.
Bring your own Azure OpenAI, Mistral, OpenAI, or self-hosted model API key. Your customers' prompts never touch our LLM accounts — they go through your tenant directly.
A standard GDPR Data Processing Agreement is automatically attached when you upgrade to a paid plan. Sub-processor list is public. Trial users can request the DPA preview at any time.
Every launch App ships with an EU AI Act risk classification statement so your DPO has a paper trail. ZedFlows itself is a tooling layer — classification depends on what you build with it, and we surface the determination per App.
Business-plan customers get a per-organization audit log via /my/organization/security: every login, App install, workflow run, credential change, and admin action timestamped, exportable as JSON.
Every plan has a toggle that pauses execution at the monthly limit. We never auto-bill you over your tier — the cap lives in the product, not just on the marketing page.
Need anything else for your IT review? Email [email protected] — we'll come back within one business day with the security pack.