ZentraReg AI
Last updated: March 12, 2026

Privacy Policy

Effective date: March 12, 2026

1. Introduction

ZentraReg AI ("we," "us," or "our"), operated by Aezis a.i. LLC, provides an AI-powered regulatory intelligence platform for pharmaceutical, clinical, and veterinary compliance professionals. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website and services at zentraregai.aezisai.com.

We are committed to protecting your privacy and complying with applicable data protection laws worldwide, including the GDPR, CCPA/CPRA, PIPEDA, LGPD, POPIA, APPs, PDPA, and APPI. Our platform is designed to assist professionals and operates in compliance with the transparency requirements of the EU AI Act.

2. Information We Collect

Account Information

  • Email address (provided during registration or via Google Sign-In)
  • Authentication identifiers (Firebase UID)
  • Account creation and last login timestamps

Usage Data

  • Questions submitted to the AI advisor (stored as truncated fragments for history)
  • Daily and monthly question counts
  • IP addresses — used solely for rate limiting and abuse prevention; not linked to user accounts
  • Session identifiers for single-device enforcement

Uploaded Documents

  • Documents (PDF, DOCX, PPTX) uploaded for AI analysis
  • These files are processed transiently and not persisted beyond the active processing window — they are deleted upon completion of the analysis session

Payment Information

  • Subscription status and billing period dates
  • PayPal subscription identifiers
  • We do not store credit card numbers, bank accounts, or other payment instrument details — all payment processing is handled securely by PayPal

3. How We Use Your Information

  • Service delivery — processing your queries and returning AI-generated regulatory guidance
  • Account management — authentication, session management, and subscription handling
  • Usage enforcement — applying daily/monthly question limits and rate controls
  • Communication — responding to contact form inquiries and sending account-related notifications
  • Service improvement — analyzing aggregated, non-identifiable usage patterns (such as query volume or feature popularity) to optimize platform performance
  • Legal compliance — fulfilling legal obligations and protecting our rights

5. Data Processing & Storage

Your data is processed and stored using the following infrastructure:

  • Google Cloud Platform (GCP) — Firebase Authentication, Cloud Firestore (database), Cloud Functions (backend), and Firebase Hosting — data is stored in GCP data centers in the United States
  • Google Gemini AI (via Google Cloud Vertex AI API) — your questions and uploaded documents are sent to Google's Gemini API for processing; uploaded files are not persisted beyond the active processing window. We use the enterprise Vertex AI API, which guarantees that your data is not used to train Google's foundation models
  • Google Vertex AI Search (Enterprise edition) — queries are matched against our official regulatory document database to retrieve relevant context. As an enterprise service, your query data is not used to improve Google's models

All data is encrypted in transit using TLS 1.3 (or the latest industry standard). Data at rest in Cloud Firestore is encrypted using AES-256 by default.

6. Third-Party Services & Sub-processors

We engage the following sub-processors to deliver our service. This list is maintained in accordance with GDPR Article 28 requirements. We will notify registered users of any changes to this list at least 30 days before a new sub-processor begins processing personal data.

List of Sub-processors

| Entity | Location | Processing Activity | Data Categories | Transfer Mechanism |
|---|---|---|---|---|
| Google LLC (Firebase) | United States | Authentication, database storage, serverless compute, web hosting | Email, UID, usage data, chat history | SCCs, EU-US DPF |
| Google LLC (Vertex AI / Gemini API) | United States | AI response generation — enterprise API; customer data is not used to train models | Questions, uploaded documents (transient) | SCCs, EU-US DPF |
| Google LLC (Vertex AI Search Enterprise) | United States | Regulatory document retrieval — enterprise API; query data is not used to train models | Search queries | SCCs, EU-US DPF |
| PayPal Holdings, Inc. | United States | Subscription payment processing | Subscription ID, user ID (as custom_id) | SCCs, EU-US DPF |

SCCs = Standard Contractual Clauses  |  EU-US DPF = EU-US Data Privacy Framework

Each sub-processor operates under a Data Processing Agreement (DPA) that meets the requirements of GDPR Article 28. To request a copy of our DPA or sub-processor agreements, contact info@aezisai.com.

7. Data Retention & Deletion

  • Account data — retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days
  • Chat history fragments — retained to provide in-session conversation context for the user; deleted upon account deletion. Chat history is not used to train, fine-tune, or improve any AI models
  • Uploaded documents — processed transiently and deleted from Google servers after AI analysis
  • Payment records — subscription metadata is retained for the duration required by applicable tax and accounting laws
  • Rate-limiting records — consisting of IP address fragments or hashes, kept separately from account profiles and automatically reset daily

AI-Specific Data Use: We strictly utilize "Zero-Retention" or "No-Training" enterprise API tiers. Your proprietary queries and documents are processed in a volatile memory environment and are never used to update Google's foundation models or Aezis a.i. LLC's internal algorithms.

To request deletion of your data, contact us at info@aezisai.com.

8. Your Rights by Region

Depending on your location, you may have the following rights regarding your personal data:

🇪🇺 European Union / EEA — GDPR

  • Right of access — obtain a copy of your personal data
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten") — request deletion of your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to restrict processing — request limitation of processing
  • Right to withdraw consent — withdraw consent at any time without affecting prior processing
  • Right to lodge a complaint — file a complaint with your local supervisory authority

🇺🇸 California, USA — CCPA / CPRA

  • Right to know — what personal information is collected, used, shared, or sold
  • Right to delete — request deletion of personal information
  • Right to opt-out — opt out of the sale or sharing of personal information for cross-context behavioral advertising (we do not sell or share personal data for such purposes)
  • Right to correct — correct inaccurate personal information
  • Right to limit use of sensitive personal information
  • Right to non-discrimination — no penalty for exercising your privacy rights

🇨🇦 Canada — PIPEDA

  • Right to access — request access to your personal information held by us
  • Right to challenge accuracy — request correction of inaccurate information
  • Right to withdraw consent — withdraw consent for collection, use, or disclosure
  • Right to complain — file a complaint with the Office of the Privacy Commissioner of Canada

🇧🇷 Brazil — LGPD

  • Right to confirmation and access — confirm and access your personal data
  • Right to correction — correct incomplete or inaccurate data
  • Right to anonymization, blocking, or deletion — of unnecessary or excessive data
  • Right to data portability — transfer data to another service provider
  • Right to information — know which entities your data is shared with
  • Right to revoke consent — revoke consent at any time

🇿🇦 South Africa — POPIA

  • Right to access — request access to your personal information
  • Right to correction or deletion — correct or delete personal information
  • Right to object — object to processing of your personal information
  • Right to complain — submit a complaint to the Information Regulator

🇦🇺 Australia — Australian Privacy Principles (APPs)

  • Right to access — request access to your personal information
  • Right to correction — request correction of inaccurate information
  • Right to complain — lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

🇸🇬 Singapore — PDPA

  • Right to access — request access to your personal data and how it has been used
  • Right to correction — request correction of errors or omissions
  • Right to withdraw consent — withdraw consent for collection, use, or disclosure

🇯🇵 Japan — APPI

  • Right to disclosure — request disclosure of your personal information
  • Right to correction — request correction, addition, or deletion of inaccurate data
  • Right to cessation — request cessation of use or provision to third parties

To exercise any of these rights, contact us at info@aezisai.com. We will respond within the timeframe required by applicable law (typically 30 days).

9. International Data Transfers

Your personal data may be transferred to and processed in the United States, where our infrastructure providers (Google Cloud Platform, PayPal) operate. For transfers from the EU/EEA, we rely on:

  • Standard Contractual Clauses (SCCs) adopted by the European Commission
  • Google Cloud's compliance with the EU-US Data Privacy Framework

10. Cookies & Local Storage

We use minimal browser storage for essential functionality only:

| Item | Type | Purpose |
|---|---|---|
| Firebase Auth tokens | Cookie / IndexedDB | Authentication session |
| zentra_session_id | localStorage | Single-device session enforcement |

We do not use advertising or tracking cookies. We do not use analytics cookies.

11. Data Security

We implement industry-standard security measures including:

  • TLS 1.3 (or latest industry standard) encryption for all data in transit
  • AES-256 encryption for data at rest (Cloud Firestore)
  • Firebase Authentication with email verification
  • Single-session enforcement to prevent concurrent unauthorized access
  • Server-side input validation and rate limiting
  • Deletion of uploaded documents upon completion of each analysis session

12. Children's Privacy

Our service is intended for professionals in the pharmaceutical and regulatory industries and is not directed at individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided personal data, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify registered users of material changes via email or a prominent notice in the application. Your continued use of the service after the effective date constitutes acceptance of the updated policy.

14. Contact Information

For privacy-related inquiries, data access requests, or complaints:

Aezis a.i. LLC

Email: info@aezisai.com

We aim to respond to all privacy requests within 30 days (or sooner where required by applicable law).

© 2026 Aezis a.i. LLC. All rights reserved.