Azure Private Hosting for Zebra AI Enterprise Security Policy

This is a single-tenant environment, managed by Zebra AI, where your organization’s data, user accounts, and AI workflows are hosted on exclusive resources – a separate server instance and database on Microsoft Azure. This approach offers additional performance, security, and customization benefits compared to our standard multi-tenant deployment.

• Your data runs on its own server, isolated from others, using separate Azure compute, database, and AI services.
• Exclusive resources ensure faster and more consistent service.
• Strict access controls with IP checks.
• Choose the Azure region that best fits your needs.
• Options like incognito mode and customizable chat storage.
• No analytics and bug tracking.
• Custom settings, like visual style, language, and data description.
• Extensive logging and admin control.

We use industry-standard encryption at all stages: 

• In-Transit: All communication between your client and the Zebra AI Dedicated Cloud servers is protected by SSL/TLS (HTTPS), ensuring data can’t be intercepted or tampered with in transit.
• At Rest: Any data stored on your dedicated Azure server and database is protected using 256-bit AES encryption. This applies both to temporary data (e.g., uploaded datasets) and to any persisted records (e.g., user profiles or stored chat histories).

Within the Dedicated Cloud setup, all services are hosted on Microsoft Azure in your chosen region, so your data never leaves the Azure network.  

You can use Microsoft SSO (single sign-on) to log into your Dedicated Cloud instance. During the first login, users grant permissions for basic profile data (e.g., name, email). The authentication token is stored as a secure cookie in the user’s browser, eliminating the need to log in repeatedly. 
Access to the dedicated service will be provided through a special domain. For customers who wish to use their company domain to resolve to our server, please contact us for assistance with setting up custom domains. 
Additionally, IP whitelisting can be implemented as an extra security measure to control access to the service. 

Like the standard Zebra AI service, the Dedicated Cloud stores a secure, encrypted authentication cookie in the user’s browser so they remain logged in. We do not read or track any cookies from other websites or services. 

When you upload data:

1. It is received by your dedicated Zebra AI server, hosted in Microsoft Azure.
2. The service processes the data within the same Azure environment for generating charts, summaries, and other AI-driven insights.
3. Data is deleted immediately once your session ends (e.g., upon logout or page refresh) unless you choose to store certain outputs (like a chart or story).
4. By default, we rely on Azure OpenAI for AI processing, so your data and the AI calls remain within Microsoft Azure data centers. 

Incognito Mode
To help with compliance or extra privacy requirements, we can offer an “Incognito Mode.” When activated, no session data, including story history or queries and AI-generated outputs, is retained after you close your session. 

If you integrate with Microsoft Power BI: 

• You grant Zebra AI (running on your dedicated server) the permissions to read datasets or reports you choose to connect.
• A time-limited authentication token from Power BI allows your dedicated server to query the dataset.
• We only store dataset metadata (connection info, the DAX queries you ran) for convenience. The actual dataset results used during analysis are deleted from memory after your session ends. 

By default, your Dedicated Cloud instance can store chat histories (stories) to let you review or share them later. However: 

• You can disable or selectively delete stored stories at any time.
• If you enable “Incognito Mode,” no stories or chat logs are stored by default. 

When you share stories with colleagues in the same Dedicated Cloud environment, we create copies in the database so all authorized users can see them. You can delete these copies at any time. 

If you integrate with Microsoft Power BI: 

• If enabled, any disliked chart or AI answer can be flagged and stored for internal review by your team (or by Zebra AI support, if you opt in).
• Since everything runs on your dedicated Azure instance, no external service is involved unless you specifically enable it. 

Unlike our standard multi-tenant service, in your Dedicated Cloud environment these integrations are optional. 

• Application Analytics: If enabled, we can run analytics tracking on your dedicated server, or you can integrate your own analytics.
• Error and Usage Tracking: These services are disabled by default to prioritize privacy, meaning we do not collect any data. If you have specific requirements or would like to explore alternatives, please contact us to discuss availability and implementation options. 

By default, nowhere – your Dedicated Cloud environment operates entirely on Microsoft Azure. If you choose to enable external services (e.g., external logging or your organization’s AI endpoints), we work with you to configure the minimal data flow needed. 

Contact your sales representative or fill the form here: https://zebra-ai.com/contact-sales/.