PRIVACY POLICY
Last updated 01.03.2023

We are committed to maintaining the confidentiality of your personal information and attach great importance to protecting your privacy, when processing some of your Personal Data, in accordance with current regulations, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of Personal Data (the “GDPR”), as well as French law No. 78-17 of January 6, 1978 (as amended).We invite you to read this document (the “Privacy Policy”) carefully. If you have any questions about our Privacy Policy and, in general, about the collection and processing of your Personal Data by Zama please do not hesitate to contact us at: privacy@zama.ai.

Scope

This Privacy Policy governs and details the main principles that Zama applies to the Personal Data we collect and process to run our corporate website zama.ai (the “Website”).

The purpose of this Privacy Policy is to provide you with all the important information and explanations about how and why some of your Personal Data may be collected and processed by Zama when you browse on the Website. 

This Privacy Policy also aims to remind you about your data protection rights and to provide you with all the elements you need to exercise them.

Important Definitions

- “Personal Data” means any information relating to an identified or identifiable natural person that identifies the person directly (e.g. the name, an identification number) or indirectly (e.g. connection data)

- “Processing” (of Personal Data) means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, storage, disclosure by transmission, etc. 

- “Controller” means someone who determines the purposes and means of Processing 

- “Processor” means someone who processes Personal Data on behalf of and on the instructions of the Controller

How we collect and process some of your Personal Data?

We collect and process:

(i) Personal Data you voluntary and knowingly provide us 

We confirm that providing the Personal Data in this context is voluntary and that it is not subject to a statutory or contractual requirement

(ii) Analytics information

i.e. information about your use of the Website and your interaction with our Website’s contents

(iii) Personal Data you voluntary and knowingly provide us 

You do not have a legal duty to provide any of the above information. However, you may not be able to submit an inquiry or an application for a job position on our Website without providing the required information.

a. Inquiries / Requests

You can submit an inquiry through our Website. You may be asked to provide information such as your name, email address, and other relevant information related to the request. 

b. Job Opportunities

You may apply for career opportunities at Zama through the Website. To do so, we will ask you to provide information such as your name, current position, postal address, email, phone number, your web presence, and an option to provide additional information in an email and your CV. The mandatory fields for completion will be marked.When you apply for a job via the Website, your Personal Data is managed by Coruscant SAS (Welcome Kit / Welcome to the Jungle), our services provider. All the information concerning the Processing of your Personal Data in this context can be accessed here: https://www.welcometothejungle.com/fr/pages/privacy-policy  

c. Newsletters

You may subscribe to our Newsletters by providing your email address. 

d. GitHub, Community Forum, and FHE.org Discord 

You may use these tools to communicate with Zama’s Team, other Website’s visitors, and FHE.org Community members. 

When using GitHub (GitHub B.V.), your Personal Data is managed by GitHub B.V. We inform you that we have no control over the use of your Personal Data by GitHub B.V. which acts as Controller within the meaning of the GDPR. All the information concerning the Processing of your Personal Data in this context can be accessed here: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statementWhen using the FHE.org Discord (Discord Inc.), your Personal Data is managed by Discord Inc. We inform you that we have no control over the use of your Personal Data by Discord Inc. which acts as Controller within the meaning of the GDPR. All the information concerning the Processing of your Personal Data in this context can be accessed here: https://discord.com/privacy 

Why do we collect and process some of your Personal Data?

When you browse on the Website, we can collect and process some of your Personal Data for various legitimate purposes.

You will find below explanations regarding the reasons why Zama may collect some of your Personal Data and the legal basis Zama relies on in each case. 

We collect and process some of your Personal Data: 

- To respond to your inquiry / request

We will use your information to contact you about and handle your inquiry or request.Legal basis: Article 6-1(f) of the GDPR - Legitimate interest (responding to your request)

- To consider your application for a job position

We will use your information to review your candidacy, consider you for the open job position (or other relevant open positions we may have), and update you as to the status of your candidacy. Legal basis: Article 6-1(f) of the GDPR - Legitimate interest (responding to your candidacy) + Article 6-1(b) of the GDPR – Pre-contractual measures (taking pre-contractual steps in evaluating your application for an open position)

-To manage contact forms

We will use your information to contact you about and handle your inquiry or request.Legal basis: Article 6-1(f) of the GDPR - Legitimate interest (responding to your request)

- To manage Newsletters sending

We will use your information to send you Zama’s newsletters upon your request.Legal basis: Article 6-1(f) of the GDPR - Legitimate interest (responding to your request)

-To manage Zama’s Blog

We will use your information to run Zama’s Blog and ‘News’ pages. Legal basis: Article 6-1(f) of the GDPR - Legitimate interest (blog management)

-To provide communication tools

Our Website also offers access via third-party tools including GitHub and the FHE.org Discord, which are communication tools allowing users to share content and code on social networks and online storage facilities. When you interact with such social media widgets, “share buttons”, or third-party code review sites, these social networks and companies may collect information about you and/or your device and connection. Your interactions with these services are governed by the respective privacy policies of the companies providing these services. For more information on the data protection and privacy practices of these companies, you can refer to their specific policies listed below:

Github
https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement

Discord
https://discord.com/privacy

- To manage requests to exercise GDPR rights

We will use your information to contact you about and handle your GDPR inquiry or request.Legal basis: Article 6-1(c) of the GDPR – Compliance with a legal obligation

-To manage compliances and disputes

We will use your information to resolve any potential disputes or problems in connection with the use of the Website.Legal basis: Article 6-1(f) of the GDPR - Legitimate interest (defense of our rights)

- Who are the recipients of your Personal Data?

(i) Internal recipients of your Personal Data: The recipient of your Personal Data is the authorized staff of Zama.

(ii) External recipients of your Personal Data which act as Processors within the meaning of the GDPR and process data on behalf of Zama, according to our instructions and in compliance with any appropriate security and confidentiality measures:

- Webflow (hosting service provider)
11th Street, 2nd Floor
San Francisco, CA 9410

- Coruscant SAS (Welcome Kit / Welcome to the Jungle RH Solution)
24 rue du Mail – 75002
ParisRCS Paris No. SIREN 802 162 628

(iii) External recipients of your Personal Data which act as Controllers within the meaning of the GDPR:

- GitHub B.V. (hosting service provider)
Prius Bernhardplein 200 99135 
The Netherlands
Registration No. 808709794

- Discord Inc. (messaging social platform)
444 De Haro St Suite 200 San Francisco
CA 94107, United States

(iv) Authorities
Only to the extent we are obliged to by applicable laws and regulations.

- For how long is your Personal Data stored?

We undertake to keep your Personal Data only for as long as strictly necessary for the processing operation(s) declared for the purposes mentioned above, and in any event within the limits imposed by law.

- Administration of the Website: login data, where relevant, is kept for a maximum of 6 months

- Personal Data in forms: we erase your Personal Data immediately by receiving a withdrawal request or objection or in case of two (2) years of ongoing inactivity

- Management of Newsletters sending: your Personal Data is erased within one month after you exercise your opt-out option

- Processing of job applications: your Personal Data is kept for two (2) years from the time of Zama’s last contact with you (except your previous erasure request); in the event of legal action, your Personal Data is archived for five (5) years (civil prescription)

- Management of general inquiries and requests: your Personal Data is erased within one month after Zama’s last contact with you 

- Management of requests to exercise GDPR rights: your Personal Data is kept for six (6) years for the exercise of the right of opposition (criminal prescription) and for five (5) years for other rights (civil prescription)

- Management of compliances and disputes: your Personal Data is kept for five (5) years (civil prescription)
In any event, we undertake to delete your Personal Data from our databases at the end of these various periods, subject to the retention of certain information in order to meet our legal, accounting and tax obligations.

Do we transfer your Personal Data outside the EEA?

The global economic context and the associated internationality of our activity mean that data can be exceptionally accessed outside the Economic European Area (“EEA”) via our contractors and partners, provided such access is necessary and based on legal grounds. In such case, we ensure that:

- The Personal Data is transferred to countries recognized as offering an adequate level of protection or,

- For Personal Data exceptionally transferred outside of countries recognized by the European Commission as having a sufficient level of protection, any of the mechanisms offering appropriate guarantees is used, for which provision is made by applicable regulations, and notably the adoption of the standard contractual clauses of the European Commission.

How do we protect your Personal Data?

We are committed to ensuring that your Personal Data is duly protected. 

To prevent unauthorized access, disclosure, modification, damage or destruction, we have taken appropriate physical, technical, and organizational security measures to protect the Personal Data we collect and process.

To this end, Zama and our technical and hosting service providers implement necessary measures to ensure the integrity, confidentiality, and security of your Personal Data (in particular by complying with the requirements of applicable personal data protection regulations).

As such, we have chosen to host your data on servers located within the European Union, more precisely in Frankfurt and Amsterdam.

Are there cookies on the Website?

Zama does not use any cookies or similar technologies on the Website.

What are your rights and how can you contact us?

Regarding the use of the Website, you have the following rights under the conditions provided for in the regulations:

- The right of access, rectification and erasure of your Personal Data (Art. 15 to 17 of the GDPR)
- The right to withdraw your consent (opt out) at any time (Art. 13-2(c) of the GDPR)
- The right to restriction of Processing of your Personal Data (Art. 18 of the GDPR)
- The right to object the Processing of your Personal Data (Art. 21 of the GDPR)
- The right to Personal Data portability (Art. 20 of the GDPR)
- The right to file a complaint with the CNIL (the French data protection authority) (https://www.cnil.fr/fr/plaintes)
- The right to issue instructions allowing access to your Personal Data in the event of death (Art. 85 of the French law No. 78-17 of January 6, 1978, as amended).

You can exercise these rights by e-mail at privacy@zama.ai, specifying the right you wish to exercise and attaching proof of your identity (if necessary) or a power of attorney if you are being represented.

If you exercise these rights, we will endeavor to respond to your requests as soon as possible and at the latest within one month.
 

Libraries and Solutions
TFHE-rs Concrete Concrete ML FHEVM Confidential machine learningConfidential smart contracts
Developers
BlogDOCUMENTATION GITHUB FHE resources Research papers CommunityBounty and grant Program
Company
Aboutintroduction to fheEventsMediaCareers Newsletter LegalContact us
Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn't want the whole world to know, but a secret matter is something one doesn't want anybody to know. Privacy is the power to selectively reveal oneself to the world.If two parties have some sort of dealings, then each has a memory of their interaction. Each party can speak about their own memory of this; how could anyone prevent it? One could pass laws against it, but the freedom of speech, even more than privacy, is fundamental to an open society; we seek not to restrict any speech at all. If many parties speak together in the same forum, each can speak to all the others and aggregate together knowledge about individuals and other parties. The power of electronic communications has enabled such group speech, and it will not go away merely because we might want it to.Since we desire privacy, we must ensure that each party to a transaction have knowledge only of that which is directly necessary for that transaction. Since any information can be spoken of, we must ensure that we reveal as little as possible. In most cases personal identity is not salient. When I purchase a magazine at a store and hand cash to the clerk, there is no need to know who I am. When I ask my electronic mail provider to send and receive messages, my provider need not know to whom I am speaking or what I am saying or what others are saying to me; my provider only need know how to get the message there and how much I owe them in fees. When my identity is revealed by the underlying mechanism of the transaction, I have no privacy. I cannot here selectively reveal myself; I must always reveal myself.Therefore, privacy in an open society requires anonymous transaction systems. Until now, cash has been the primary such system. An anonymous transaction system is not a secret transaction system. An anonymous system empowers individuals to reveal their identity when desired and only when desired; this is the essence of privacy.Privacy in an open society also requires cryptography. If I say something, I want it heard only by those for whom I intend it. If the content of my speech is available to the world, I have no privacy. To encrypt is to indicate the desire for privacy, and to encrypt with weak cryptography is to indicate not too much desire for privacy. Furthermore, to reveal one's identity with assurance when the default is anonymity requires the cryptographic signature.We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence. It is to their advantage to speak of us, and we should expect that they will speak. To try to prevent their speech is to fight against the realities of information. Information does not just want to be free, it longs to be free. Information expands to fill the available storage space. Information is Rumor's younger, stronger cousin; Information is fleeter of foot, has more eyes, knows more, and understands less than Rumor.We must defend our own privacy if we expect to have any. We must come together and create systems which allow anonymous transactions to take place. People have been defending their own privacy for centuries with whispers, darkness, envelopes, closed doors, secret handshakes, and couriers. The technologies of the past did not allow for strong privacy, but electronic technologies do.We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money.Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can't get privacy unless we all do, we're going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We don't much care if you don't approve of the software we write. We know that software can't be destroyed and that a widely dispersed system can't be shut down.Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation's border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.For privacy to be widespread it must be part of a social contract. People must come and together deploy these systems for the common good. Privacy only extends so far as the cooperation of one's fellows in society. We the Cypherpunks seek your questions and your concerns and hope we may engage you so that we do not deceive ourselves. We will not, however, be moved out of our course because some may disagree with our goals.The Cypherpunks are actively engaged in making the networks safer for privacy. Let us proceed together apace.Onward. By Eric Hughes. 9 March 1993.