morgankrey created
- Update Privacy Overview: tighten copy, add Business cross-link, add
SOC2 link, drop vague secure-by-default bullet
- Add Privacy for Business page: auto-enforced protections, how they
differ from individual opt-in, what data still leaves the org
- Add SOC2 stub: working toward Type 1, email sales@ for updates
- Update Telemetry: add Zed Business section linking to admin data
sharing controls; TODO for future telemetry org-wide disable
- Wire up SUMMARY.md links for Privacy for Business and SOC2
Release Notes:
- N/Adocs/src/SUMMARY.md | 4 +-
docs/src/ai/privacy-and-security.md | 40 +++++++++++----------------
docs/src/business/privacy.md | 44 +++++++++++++++++++++++++++++++
docs/src/soc2.md | 10 +++++++
docs/src/telemetry.md | 6 ++++
5 files changed, 79 insertions(+), 25 deletions(-)
@@ -75,9 +75,9 @@
- [Overview](./ai/privacy-and-security.md)
- [Worktree Trust](./worktree-trust.md)
- [AI Improvement](./ai/ai-improvement.md)
-- [Privacy for Business]()
+- [Privacy for Business](./business/privacy.md)
- [Telemetry](./telemetry.md)
-- [SOC2]()
+- [SOC2](./soc2.md)
# Platform Support
@@ -1,39 +1,33 @@
---
-title: AI Privacy and Security - Zed
-description: "Zed's approach to AI privacy: opt-in data sharing by default, zero-data retention with providers, and full open-source transparency."
+title: Privacy Overview - Zed
+description: "Zed's approach to privacy: opt-in data sharing, zero-data retention with AI providers, and an open-source codebase you can inspect."
---
-# Privacy and Security
+# Privacy Overview
-## Philosophy
+Zed collects minimal data necessary to serve and improve the product. Features that could share data are either opt-in or can be disabled.
-Zed collects minimal data necessary to serve and improve our product. Features that could share data, like AI and telemetry, are either opt-in or can be disabled.
+- **Telemetry:** Zed collects only the data necessary to understand usage and fix issues. Client-side telemetry can be disabled in settings. See [Telemetry](../telemetry.md).
-- **Telemetry**: Zed collects only the data necessary to understand usage and fix issues. Client-side telemetry can be disabled in settings.
+- **AI:** Zed doesn't store your prompts or code context. Data sharing for AI improvement is opt-in, and each share is a one-time action; it doesn't grant permission for future collection. You can use Zed's AI features without sharing any data with Zed. See [AI Improvement](./ai-improvement.md).
-- **AI**: Data sharing for AI improvement is opt-in, and each share is a one-time action; it does not grant permission for future data collection. You can use Zed's AI features without sharing any data with Zed and without authenticating.
+- **Open source:** Zed's codebase is public. You can inspect exactly what data is collected and how it's handled. If you find issues, [report them](https://github.com/zed-industries/zed/issues).
-- **Open-Source**: Zed's codebase is public. You can inspect exactly what data is collected and how it's handled. If you find issues, we encourage you to report them.
-
-- **Secure-by-default**: Designing Zed and our Service with "secure-by-default" as an objective is of utmost importance to us. We take your security and ours very seriously and strive to follow industry best-practice in order to uphold that principle.
+On Zed Business, administrators can enforce these settings org-wide so members can't opt in to data sharing individually. See [Privacy for Business](../business/privacy.md).
## Related Documentation
-- [Tool Permissions](./tool-permissions.md): Configure granular rules to control which agent actions are auto-approved, blocked, or require confirmation.
-
-- [Worktree trust](../worktree-trust.md): How Zed opens files and directories in restricted mode.
-
-- [Telemetry](../telemetry.md): How Zed collects general telemetry data.
-
-- [Zed AI Features and Privacy](./ai-improvement.md): An overview of Zed's AI features, your data when using AI in Zed, and how to opt-in and help Zed improve these features.
-
-- [Accounts](../authentication.md): When and why you'd need to authenticate into Zed, how to do so, and what scope we need from you.
-
-- [Collab](https://zed.dev/faq#data-and-privacy): How Zed's live collaboration works and how data flows. Zed does not store your code.
+- [Tool Permissions](./tool-permissions.md): Configure which agent actions are auto-approved, blocked, or require confirmation.
+- [Worktree Trust](../worktree-trust.md): How Zed opens files and directories in restricted mode.
+- [Telemetry](../telemetry.md): What telemetry Zed collects and how to control it.
+- [AI Improvement](./ai-improvement.md): How data sharing for AI improvement works and how to opt in.
+- [Privacy for Business](../business/privacy.md): How Zed Business enforces privacy settings across an organization.
+- [Authentication](../authentication.md): When and why authentication is needed.
+- [SOC2](../soc2.md): Zed's security certification status.
-## Legal Links
+## Legal
- [Terms of Service](https://zed.dev/terms)
- [Privacy Policy](https://zed.dev/privacy-policy)
-- [Zed's Contributor License and Feedback Agreement](https://zed.dev/cla)
+- [Contributor License and Feedback Agreement](https://zed.dev/cla)
- [Subprocessors](https://zed.dev/subprocessors)
@@ -0,0 +1,44 @@
+---
+title: Privacy for Business - Zed Business
+description: How Zed Business enforces data privacy across your organization, including auto-enforced prompt and training data protections.
+---
+
+# Privacy for Business
+
+On individual Zed plans, privacy protections for AI data are opt-in: members choose whether to share data with Zed for product improvement. On Zed Business, these protections are enforced automatically for all members. No configuration required.
+
+## What's enforced by default
+
+For all members of a Zed Business organization:
+
+- **No prompt sharing:** Member conversations and prompts are never shared with Zed. Members can't opt into [AI feedback via ratings](../ai/ai-improvement.md#ai-feedback-with-ratings), which would send conversation data to Zed.
+- **No training data sharing:** Member code context is never shared with Zed for [Edit Prediction model training](../ai/ai-improvement.md#edit-predictions). Members can't opt in individually.
+
+These protections are enforced server-side. They apply to every org member as soon as they join.
+
+## How this differs from individual plans
+
+On Free and Pro plans, data sharing is opt-in:
+
+- Members can choose to rate AI responses, which shares that conversation with Zed.
+- Members can opt into Edit Prediction training data collection for open source projects.
+
+On Zed Business, neither option is available to members. These aren't configurable settings; they're enforced.
+
+## What data still leaves the organization
+
+These controls cover what Zed stores and trains on. They don't change how AI inference works.
+
+When members use Zed's hosted AI models, their prompts and code context are sent to the relevant AI provider (Anthropic, OpenAI, Google, etc.) to generate responses. Zed requires zero-data retention agreements with these providers. See [AI Improvement](../ai/ai-improvement.md#data-retention-and-training) for details.
+
+[Bring-your-own-key (BYOK)](../ai/llm-providers.md) and [external agents](../ai/external-agents.md) are governed by each provider's own terms; Zed doesn't control how they handle data.
+
+## Additional controls for administrators
+
+Administrators can go further using [Admin Controls](./admin-controls.md):
+
+- Disable Zed-hosted models entirely, so no prompts reach Zed's model infrastructure
+- Disable Edit Predictions org-wide
+- Disable real-time collaboration
+
+See [Admin Controls](./admin-controls.md) for the full list.
@@ -0,0 +1,10 @@
+---
+title: SOC2 - Zed
+description: Zed's SOC2 certification status.
+---
+
+# SOC2
+
+Zed is working toward SOC2 Type 1 certification.
+
+For updates or compliance questions, email [sales@zed.dev](mailto:sales@zed.dev).
@@ -64,6 +64,12 @@ When using Zed's hosted services, we collect metadata for rate limiting and bill
For details on AI data handling, see [Zed AI Features and Privacy](./ai/ai-improvement.md).
+## Zed Business
+
+Administrators on Zed Business can enforce a no-sharing policy org-wide, blocking members from opting into [edit prediction training data sharing or AI feedback ratings](./ai/ai-improvement.md). See [Data Sharing](./business/admin-controls.md#data-sharing) in Admin Controls.
+
+<!-- TODO: link to telemetry org-wide disable control once it ships (currently planned for a future release) -->
+
## Concerns and Questions
If you have concerns about telemetry, you can [open an issue](https://github.com/zed-industries/zed/issues/new/choose) or email hi@zed.dev.