Leadership development that's enterprise-ready from day one
We build technology you can trust. Security, privacy, and compliance aren't afterthoughts — they're foundational to everything we do.
“When leaders practice with us, they share real challenges. That trust is sacred — and we protect it with the same rigor we bring to everything we build.”
Juan Pablo Larenas
Founder & CEO, Zursum
Built on six pillars of trust
Every aspect of our platform is designed to protect your people and your data.
Enterprise-grade security
Independent audits, SOC 2 preparedness, and continuous monitoring ensure your data meets the highest standards.
Accurate & monitored
Continuous quality monitoring of AI outputs, bias detection, and multi-run scoring ensure reliable, fair feedback.
Evidence-based
Coaching grounded in international leadership frameworks and validated methodologies — not generic advice.
Confidential
Each organization's data is fully isolated. Conversations are never shared across organizations or used to train AI models.
Secure by design
TLS 1.3 encryption in transit, zero data retention with AI providers, rate limiting on all endpoints, and regular security reviews.
Private & compliant
GDPR & CCPA compliant. Aggregate analytics for admins; individual transcripts stay confidential. Full data export & deletion rights.
Your conversations are private
We chose our AI providers specifically for their privacy-first approach. Here's how your data is handled:
Your data is never used for AI training
We use Anthropic Claude for AI analysis. Anthropic never uses API data to train their models - this is stated in their Commercial Terms.
Anthropic Commercial Terms
30-day data retention with AI provider
Anthropic retains API data for 30 days for trust & safety purposes, then permanently deletes it. Zero data retention agreements are available for enterprise.
Anthropic Data Retention Policy
Voice data processed securely
Voice calls are processed by Retell AI, which is SOC 2 Type II certified and HIPAA compliant. Audio is deleted after processing unless you choose to save it.
Retell AI Compliance
Security Measures
Multiple layers of protection ensure your data is secure at every stage.
Two-Factor Authentication (2FA)
TOTP-based 2FA with authenticator app support, recovery codes, and organization-level enforcement
Encryption in Transit
All data transmitted using TLS 1.3 encryption
Secure Cloud Infrastructure
Hosted on Vercel and Neon (PostgreSQL) with enterprise-grade security
Access Controls
Role-based access control, OAuth 2.0, and SSO (SAML/OIDC) for enterprise
Session Management
View and revoke active sessions across devices with real-time activity tracking
Audit Logging
Comprehensive logging of security-relevant events for compliance
Rate Limiting
Protection against abuse with intelligent rate limiting on all endpoints
Regular Security Reviews
Ongoing security assessments and vulnerability monitoring
Your Data Rights
You have full control over your personal data. Here's what you can do:
Right to Access
Export all your personal data at any time
Right to Deletion
Delete your account and all associated data
Right to Portability
Download your data in a machine-readable format (JSON)
Data Retention Control
Organizations can configure custom data retention policies
To exercise any of these rights, go to Settings → Data & Privacy in your dashboard, or contact us at
Third-Party Subprocessors
We carefully select our service providers based on their security posture and privacy practices.
| Provider | Purpose | Certifications | Data Retention |
|---|---|---|---|
| Anthropic | AI analysis and feedback generation | SOC 2, ISO 27001 | 30 days |
| Retell AI | Voice conversation processing | SOC 2 Type II, HIPAA, GDPR | Customer-controlled |
| Neon | Database hosting (PostgreSQL) | SOC 2 | Customer-controlled |
| Vercel | Application hosting | SOC 2, ISO 27001 | — |
| Stripe | Payment processing | PCI DSS Level 1, SOC 2 | As required by law |
Frequently Asked Questions
Enterprise Security Requirements?
Need SSO (SAML/OIDC), a custom DPA, security questionnaire, or specific compliance documentation? Our team is ready to help.