Z.AI Coding Plan
GDPR Compliance
Data Handling
Z.ai states it generally provides services from Singapore, and customer data is generally processed in Singapore. No EU-only processing option was found in the official documentation reviewed.
For API Services, Z.ai states it does not store content that customers or end users provide or generate while using the service; such content is processed in real time and not saved on its servers. Other customer data may be temporarily stored to provide API Services or comply with law, and deleted after termination unless law requires otherwise.
The consumer privacy policy says Z.ai may obtain publicly available internet information to train its models and may use personal data from consumer services to improve and train models. For API Services under the DPA, Z.ai states it processes customer data only on the customer's behalf and says API content provided or generated is not stored on its servers.
Certifications & EU AI Act
No certifications disclosed.
Verification
- https://docs.z.ai/legal-agreement/privacy-policy ↗
- https://docs.z.ai/legal-agreement/terms-of-use ↗
- https://docs.z.ai/api-reference/introduction ↗
- https://docs.z.ai/devpack/quick-start ↗
- https://docs.z.ai/guides/overview/pricing ↗
- https://docs.z.ai/legal-agreement/subscription-terms ↗
- https://z.ai/company ↗
Primary-source documentation identifies the provider entity as JINGSHENG HENGXING TECHNOLOGY PTE. LTD in Singapore. The strongest GDPR-relevant statement is the embedded API DPA, which says API content is processed in real time and not stored, while customer data is generally processed in Singapore; no public sub-processor list, SCC text, EU-only residency option, or security certification evidence was found in the reviewed official sources.