How does ZeroH protect sensitive data when using AI?

ZeroH classifies every field in your documents into three categories: blocked (never transmitted to AI), masked (ranges/pseudonyms sent instead of exact values), and allowed (safe to share). A human-in-the-loop approval step ensures accountability before any data reaches AI services.

Which regulations does ZeroH support?

ZeroH supports Qatar PDPPL, Saudi PDPL, UAE PDPL/CBUAE, Bahrain PDPL, Malaysia PDPA, and AAOIFI Shariah standards. Data residency controls ensure compliance with regional requirements.

Can I use any AI model with ZeroH?

Yes. ZeroH is model-agnostic — use OpenAI, Anthropic, Google, or on-premise models. Your data stays protected regardless of which AI provider you choose.

How is the audit trail verified?

Every AI interaction is recorded on the blockchain with a tamper-proof transaction hash. The audit trail captures who accessed what data, when, and what masking was applied — providing full regulatory compliance evidence.

Audit Trail

Complete history of AI interactions with classified context

Sessions This Week

Files Accessed

262

Fields Allowed

Fields Blocked

All sessions permanently verified on Hedera Hashgraph (enterprise ledger)

Viewing as:

Different roles see different levels of detail

Filter by User

Filter by Model

Showing 6 of 6 sessions

What Gets Logged

Transparency into our audit trail design

LOGGED

User & roleJennifer Walsh, M&A

∟ Accountability

TimestampDec 10, 10:15 AM

∟ Timeline

Duration23 minutes

∟ Usage patterns

Message count14 messages

∟ Activity level

Files accessedacme_financials.xlsx

∟ What was touched

Field counts3 allowed, 5 masked, 13 blocked

∟ Proof controls worked

AI modelClaude Sonnet 4

∟ Vendor tracking

Blockchain hash0x7a3f...b2c1

∟ Immutability

NEVER STORED

Session summaryWhat you discussed

∟ Leaks business context

Individual messagesYour questions

∟ Privacy, liability

AI responsesWhat AI said

∟ Privacy, liability

Actual field valuesThe $42M number

∟ Not needed for audit

Business contextWhy you asked

∟ Zero context retained

📋 What Auditors Actually Need

Auditors don't care about the conversation. They care about:

Who accessed what files

What was protected (field counts)

When it happened

Proof it's immutable (hash)

The actual messages? Not needed. In fact, storing them is a liability.

✨ Benefits of This Design

Privacy by Design

If someone breaches your audit logs, they get:

✓ "Jennifer Walsh analyzed M&A documents, 13 fields blocked"

✗ "What's the acquisition price?" → "Based on the CIM, $42M..."

Data Minimization

GDPR Art. 5 compliant — only storing what's necessary for compliance.

90% Less Storage

Full logs: ~50KB/session. Summary logs: ~2KB/session.

On-Premise AI = No Leakage

Summary generated on-prem. It describes interaction patterns, not content.

Simpler Legal Discovery

You have who, when, what was protected. No content = less liability.