Skip to main content

Kazaar Data Security & AI – FAQ

Updated

Purpose:
This list of questions provides transparency on how client data is processed within the Kazaar platform, including AI-powered features and core platform operations.

 

Q1. Is the AI feature mandatory?

No. The Brief AI assistant is fully optional.
Users may submit briefs manually without triggering any AI processing.

 

Q2. When is data sent to OpenAI?

Data is transmitted only when:

  • A user actively chooses to use the AI assistant
  • The organization has accepted the applicable AI terms

If the AI feature is not used, no data is transmitted to OpenAI.

 

Q3. What Data is Transmitted?

Only the content entered by the user in the AI chat conversation is transmitted. The Kazaar platform does not automatically extract or send any of the following:

  • Email addresses or personal contact information
  • Artwork, creative files, or visual assets
  • Internal documents (quote, purchase orders, delivery notes, etc.)
  • Attached files of any kind
  • Transactional data
  • User credentials or authentication tokens

 

Q4. Is your data used to train OpenAI models?

No.
Kazaar uses OpenAI via its Business API. Under OpenAI’s API policy (effective March 1, 2023):

  • Data submitted via the API is not used to train or improve OpenAI models
  • This differs from consumer ChatGPT usage

 

Q5. How long is AI data retained?

  • API inputs and outputs may be retained by OpenAI for up to 30 days for abuse monitoring
  • After 30 days, data is permanently deleted
  • Zero Data Retention (ZDR) can be requested for qualifying enterprise cases

 

Q6. How is AI data secured?

  • Data encrypted in transit (TLS 1.2+)
  • Data encrypted at rest (AES-256)
  • Secure API transmission between Kazaar and OpenAI

 

Q7. Where are OpenAI sub-processors listed?

OpenAI maintains a public sub-processor list:
https://openai.com/policies/sub-processor-list/

 

Q8. Can clients disable AI usage?

Yes.
Clients can:

  • Use manual brief submission exclusively
  • Choose not to activate the AI assistant

If unused, no AI-related data processing occurs.

 

Q9. Are additional AI control options planned?

Yes. On roadmap:

  • LLM switching (choice of provider)
  • Bring Your Own LLM (BYOLLM) for enterprise-controlled infrastructure

 

Q10. Is client data shared with other clients?

No.
Kazaar operates with strict data isolation. Kazaar may use aggregated and de-identified data for platform improvements and insights, but this data cannot be traced to any one client.

The following data are never shared across clients:

  • Order history and volume
  • Product specifications and catalog data
  • Negotiated pricing and commercial terms
  • User accounts and activity logs
  • Workflow configurations

 

Q11. Does Kazaar use client data for benchmarking or resale?

No.
Kazaar does not perform benchmarking using identifiable client data nor does it resale any identifiable data.

 

Q12. How is client data segregated?

Kazaar ensures:

  • Logical workspace isolation per client
  • Role-based access controls
  • Full audit trails of data access

 

Q13. Where is data hosted?

Kazaar infrastructure is hosted on GCP in the Belgium, compliant with EU data protection regulations (GDPR).

 

Q14. Is Kazaar GDPR compliant?

Yes.
Kazaar operates under GDPR-compliant data processing principles and signs DPAs with clients where required.

 

Q15. Is audit logging available?

Yes.
All user actions are logged through system audit trails, ensuring traceability and compliance monitoring. This data can be retrieved by the client upon request.