From 07ddeb627588fb17c8a846c1162bd3168aa54a36 Mon Sep 17 00:00:00 2001 From: morgankrey Date: Thu, 19 Mar 2026 09:24:58 -0500 Subject: [PATCH] docs: Write Privacy & Security section (BIZOPS-983) - Update Privacy Overview: tighten copy, add Business cross-link, add SOC2 link, drop vague secure-by-default bullet - Add Privacy for Business page: auto-enforced protections, how they differ from individual opt-in, what data still leaves the org - Add SOC2 stub: working toward Type 1, email sales@ for updates - Update Telemetry: add Zed Business section linking to admin data sharing controls; TODO for future telemetry org-wide disable - Wire up SUMMARY.md links for Privacy for Business and SOC2 Release Notes: - N/A --- docs/src/SUMMARY.md | 4 +-- docs/src/ai/privacy-and-security.md | 40 +++++++++++--------------- docs/src/business/privacy.md | 44 +++++++++++++++++++++++++++++ docs/src/soc2.md | 10 +++++++ docs/src/telemetry.md | 6 ++++ 5 files changed, 79 insertions(+), 25 deletions(-) create mode 100644 docs/src/business/privacy.md create mode 100644 docs/src/soc2.md diff --git a/docs/src/SUMMARY.md b/docs/src/SUMMARY.md index 8fe6291c4ea9aa0dd00c58012b2e353bf3733d53..8641ced959271d6d7595bd409e9110b10c8e48bf 100644 --- a/docs/src/SUMMARY.md +++ b/docs/src/SUMMARY.md @@ -75,9 +75,9 @@ - [Overview](./ai/privacy-and-security.md) - [Worktree Trust](./worktree-trust.md) - [AI Improvement](./ai/ai-improvement.md) -- [Privacy for Business]() +- [Privacy for Business](./business/privacy.md) - [Telemetry](./telemetry.md) -- [SOC2]() +- [SOC2](./soc2.md) # Platform Support diff --git a/docs/src/ai/privacy-and-security.md b/docs/src/ai/privacy-and-security.md index 828953cca74868b097490dfafcb318b8245a2ef8..7444eb97b8da981f5aeec11733068140875458d2 100644 --- a/docs/src/ai/privacy-and-security.md +++ b/docs/src/ai/privacy-and-security.md @@ -1,39 +1,33 @@ --- -title: AI Privacy and Security - Zed -description: "Zed's approach to AI privacy: opt-in data sharing by default, zero-data retention with providers, and full open-source transparency." +title: Privacy Overview - Zed +description: "Zed's approach to privacy: opt-in data sharing, zero-data retention with AI providers, and an open-source codebase you can inspect." --- -# Privacy and Security +# Privacy Overview -## Philosophy +Zed collects minimal data necessary to serve and improve the product. Features that could share data are either opt-in or can be disabled. -Zed collects minimal data necessary to serve and improve our product. Features that could share data, like AI and telemetry, are either opt-in or can be disabled. +- **Telemetry:** Zed collects only the data necessary to understand usage and fix issues. Client-side telemetry can be disabled in settings. See [Telemetry](../telemetry.md). -- **Telemetry**: Zed collects only the data necessary to understand usage and fix issues. Client-side telemetry can be disabled in settings. +- **AI:** Zed doesn't store your prompts or code context. Data sharing for AI improvement is opt-in, and each share is a one-time action; it doesn't grant permission for future collection. You can use Zed's AI features without sharing any data with Zed. See [AI Improvement](./ai-improvement.md). -- **AI**: Data sharing for AI improvement is opt-in, and each share is a one-time action; it does not grant permission for future data collection. You can use Zed's AI features without sharing any data with Zed and without authenticating. +- **Open source:** Zed's codebase is public. You can inspect exactly what data is collected and how it's handled. If you find issues, [report them](https://github.com/zed-industries/zed/issues). -- **Open-Source**: Zed's codebase is public. You can inspect exactly what data is collected and how it's handled. If you find issues, we encourage you to report them. - -- **Secure-by-default**: Designing Zed and our Service with "secure-by-default" as an objective is of utmost importance to us. We take your security and ours very seriously and strive to follow industry best-practice in order to uphold that principle. +On Zed Business, administrators can enforce these settings org-wide so members can't opt in to data sharing individually. See [Privacy for Business](../business/privacy.md). ## Related Documentation -- [Tool Permissions](./tool-permissions.md): Configure granular rules to control which agent actions are auto-approved, blocked, or require confirmation. - -- [Worktree trust](../worktree-trust.md): How Zed opens files and directories in restricted mode. - -- [Telemetry](../telemetry.md): How Zed collects general telemetry data. - -- [Zed AI Features and Privacy](./ai-improvement.md): An overview of Zed's AI features, your data when using AI in Zed, and how to opt-in and help Zed improve these features. - -- [Accounts](../authentication.md): When and why you'd need to authenticate into Zed, how to do so, and what scope we need from you. - -- [Collab](https://zed.dev/faq#data-and-privacy): How Zed's live collaboration works and how data flows. Zed does not store your code. +- [Tool Permissions](./tool-permissions.md): Configure which agent actions are auto-approved, blocked, or require confirmation. +- [Worktree Trust](../worktree-trust.md): How Zed opens files and directories in restricted mode. +- [Telemetry](../telemetry.md): What telemetry Zed collects and how to control it. +- [AI Improvement](./ai-improvement.md): How data sharing for AI improvement works and how to opt in. +- [Privacy for Business](../business/privacy.md): How Zed Business enforces privacy settings across an organization. +- [Authentication](../authentication.md): When and why authentication is needed. +- [SOC2](../soc2.md): Zed's security certification status. -## Legal Links +## Legal - [Terms of Service](https://zed.dev/terms) - [Privacy Policy](https://zed.dev/privacy-policy) -- [Zed's Contributor License and Feedback Agreement](https://zed.dev/cla) +- [Contributor License and Feedback Agreement](https://zed.dev/cla) - [Subprocessors](https://zed.dev/subprocessors) diff --git a/docs/src/business/privacy.md b/docs/src/business/privacy.md new file mode 100644 index 0000000000000000000000000000000000000000..4da8d8d6b8b04a7b18abea27e4665612c4e48d4b --- /dev/null +++ b/docs/src/business/privacy.md @@ -0,0 +1,44 @@ +--- +title: Privacy for Business - Zed Business +description: How Zed Business enforces data privacy across your organization, including auto-enforced prompt and training data protections. +--- + +# Privacy for Business + +On individual Zed plans, privacy protections for AI data are opt-in: members choose whether to share data with Zed for product improvement. On Zed Business, these protections are enforced automatically for all members. No configuration required. + +## What's enforced by default + +For all members of a Zed Business organization: + +- **No prompt sharing:** Member conversations and prompts are never shared with Zed. Members can't opt into [AI feedback via ratings](../ai/ai-improvement.md#ai-feedback-with-ratings), which would send conversation data to Zed. +- **No training data sharing:** Member code context is never shared with Zed for [Edit Prediction model training](../ai/ai-improvement.md#edit-predictions). Members can't opt in individually. + +These protections are enforced server-side. They apply to every org member as soon as they join. + +## How this differs from individual plans + +On Free and Pro plans, data sharing is opt-in: + +- Members can choose to rate AI responses, which shares that conversation with Zed. +- Members can opt into Edit Prediction training data collection for open source projects. + +On Zed Business, neither option is available to members. These aren't configurable settings; they're enforced. + +## What data still leaves the organization + +These controls cover what Zed stores and trains on. They don't change how AI inference works. + +When members use Zed's hosted AI models, their prompts and code context are sent to the relevant AI provider (Anthropic, OpenAI, Google, etc.) to generate responses. Zed requires zero-data retention agreements with these providers. See [AI Improvement](../ai/ai-improvement.md#data-retention-and-training) for details. + +[Bring-your-own-key (BYOK)](../ai/llm-providers.md) and [external agents](../ai/external-agents.md) are governed by each provider's own terms; Zed doesn't control how they handle data. + +## Additional controls for administrators + +Administrators can go further using [Admin Controls](./admin-controls.md): + +- Disable Zed-hosted models entirely, so no prompts reach Zed's model infrastructure +- Disable Edit Predictions org-wide +- Disable real-time collaboration + +See [Admin Controls](./admin-controls.md) for the full list. diff --git a/docs/src/soc2.md b/docs/src/soc2.md new file mode 100644 index 0000000000000000000000000000000000000000..30e79705b593902ba144c00913ae7d8ebaa9297d --- /dev/null +++ b/docs/src/soc2.md @@ -0,0 +1,10 @@ +--- +title: SOC2 - Zed +description: Zed's SOC2 certification status. +--- + +# SOC2 + +Zed is working toward SOC2 Type 1 certification. + +For updates or compliance questions, email [sales@zed.dev](mailto:sales@zed.dev). diff --git a/docs/src/telemetry.md b/docs/src/telemetry.md index a8ca9f3e03ce9c5399af38ab443a043a813b6c8f..6d662ea09cec2a0f9100a3348d698af366231f7d 100644 --- a/docs/src/telemetry.md +++ b/docs/src/telemetry.md @@ -64,6 +64,12 @@ When using Zed's hosted services, we collect metadata for rate limiting and bill For details on AI data handling, see [Zed AI Features and Privacy](./ai/ai-improvement.md). +## Zed Business + +Administrators on Zed Business can enforce a no-sharing policy org-wide, blocking members from opting into [edit prediction training data sharing or AI feedback ratings](./ai/ai-improvement.md). See [Data Sharing](./business/admin-controls.md#data-sharing) in Admin Controls. + + + ## Concerns and Questions If you have concerns about telemetry, you can [open an issue](https://github.com/zed-industries/zed/issues/new/choose) or email hi@zed.dev.