How SystemZero handles your data.

Commitment to your data.

We are committed to protecting your personal data and respecting your privacy. This Data Policy explains how Consilia ApS (operating under the Human Thinking brand) collects, uses, discloses, and safeguards your information when you use SystemZero or any of the products built on it — ChatTutor, MasterAI, Weber, Koncert, TailWind, Logos, Sherlock, and Porter.

What we process.

We may collect and process the following types of personal data:

• Personal identification information: name and email address.
• Technical data: IP address, browser type, operating system.
• Usage data: information generated when you use the application — chat messages, interactions with learning or source material, and uploaded files.

What we do with it.

We use the information we collect for the following purposes:

• To provide, operate, and maintain our services.
• To improve, personalise, and expand our services.
• To communicate with you, including customer service and support.
• To process transactions and send related information.
• To comply with legal obligations.

Who we share with.

We do not sell, trade, or otherwise transfer your personal data to outside parties except as described in this policy. We may share your information with:

• Third-party service providers: including the large-language-model (LLM) endpoints used to generate output.
• Legal requirements: when required by law or to protect our rights.

How we protect it.

We implement a variety of security measures to maintain the safety of your personal data. We monitor security issues for the packages we depend on and track disclosures using Open Source Intelligence tools. Access to production systems is restricted to named engineers, and all traffic between your browser and our servers is encrypted in transit.

What you can ask us to do.

Note that we use external service providers to generate output or to monitor performance of our platform — for example, we allow customers to route requests through OpenAI’s GPT models as outlined in Section 09. By using the service you agree that we may transmit data to third-party providers, and that data is subject to their terms of service.

Depending on your location, you have the following rights regarding personal data stored on our services:

• The right to access — request a copy of your personal data.
• The right to rectification — request that we correct information you believe is inaccurate.
• The right to erasure — request that we delete your personal data, under certain conditions.
• The right to restrict processing — request that we restrict processing of your personal data, under certain conditions.
• The right to object to processing — object to our processing of your personal data, under certain conditions.
• The right to data portability — request that we transfer the data we have collected to another organisation, or directly to you, under certain conditions.

How the platform is built.

SystemZero is delivered as a web application that allows users to:

• Access source material (such as PDF files or organisational documents).
• Get help from an AI agent (a large language model such as GPT).

These features are enabled by parsing user-provided documents. The platform uses the following components:

• Front-end application: JavaScript and HTML, executed by the user’s browser.
• Back-end application: Python code that handles requests the user makes (storing and retrieving data from the database, calling external services, and so on).
• Server: the infrastructure that runs the backend.

The backend is written in Python using the Django framework. Django is the most widely adopted web-development framework for Python, used by thousands of open-source and commercial projects; we have assessed our setup against CIS Benchmarks.

We have followed standard recommendations when building SystemZero and selected packages with wide commercial use. We have avoided trial-version libraries, and libraries with controversial licensing or unclear source availability.

Where your data lives.

SystemZero is currently hosted on DigitalOcean. The primary server is physically located in Frankfurt, Germany (EU).

The server instance follows a typical Django configuration — to the best of our knowledge we use a stack of open-source products in widespread commercial use, and which are typically recommended for such projects. The four main services are:

• NGINX — gateway and hosting of static files.
• Gunicorn — the main application server.
• Daphne — WebSocket server.
• PostgreSQL — database server.

Third parties we may involve.

We use the following types of external services, which may process user-sensitive data:

• LLM endpoints for generating answers from large language models.
• PDF OCR services for parsing equations (all PDF documents are stored and served from our servers).
• Hosting services for sending and receiving emails and other typical tasks.
• Bug aggregation services and other tools for performance monitoring.

SystemZero is designed to store data centrally on infrastructure we control and to use third-party dependencies only on demand. Third-party services are, in every case, used to process data held on our servers — never as the primary storage medium for user-sensitive data.

• AI on-Demand — terms of use: aiod.eu/terms-conditions/
• OpenAI paid LLM endpoints — terms of use: openai.com/policies/terms-of-use/. Accessed through OpenAI’s own library (openai-python, released under Apache-2).
• Mathpix Convert OCR service — terms of use: mathpix.com/terms. We access the service by sending direct HTTP requests using curl; no client library license applies.
• One.com — domain and SMTP hosting: one.com terms.

Open-source components.

Our system uses a curated set of open-source tools, libraries, modules, and databases. The reference repository for platform-level dependencies is hosted at DTU Compute.

If we update it.

We may update our Data Policy from time to time. We will notify registered users by email for any material change. You are advised to review this policy periodically for any changes.

Questions about this policy.

If you have any questions about this Data Policy, please contact our Data Protection Officer (DPO): Kurt Nielsen at kurt@humanthinking.tech.

General privacy questions can be directed to privacy@humanthinking.tech. If you’re unhappy with our response, you have the right to lodge a complaint with Datatilsynet, the Danish Data Protection Agency.