Dashboard Extension surfaces
zeflin

AI-tool monitoring notice

Acknowledged

Please read this before AI-tool monitoring begins for you. This is the gate — no acknowledgment, no capture.

Signed in as morgan.reyes@acme.comAcme Corp
zeflin
Employee monitoring notice
Guardrails, not surveillance theater. Here is exactly what is and isn't captured.
US notice2026-05-US-v4Published May 2, 2026

What is captured

  • Your full prompts — the complete text you send to approved AI tools (ChatGPT, Claude, Gemini).
  • The full AI responses those tools return to you.
  • Copy and paste of AI content into your declared work destinations (e.g. company Gmail, Google Docs, Slack, Jira). For pastes we store only content hashes, not the text itself.

Why

To keep sensitive company data from leaking into AI tools, and to trace where AI-generated content lands in real work — for cyber-insurance readiness and security / audit questionnaires. This is governance of the AI data boundary, not performance surveillance. No automated scoring or discipline — a human reviews anything that matters.

Scope — and its limits

In scope
  • • Approved AI tools (web)
  • • Your declared work destinations
  • • Managed, signed-in Chrome
Never in scope
  • • Personal accounts
  • • Personal webmail
  • • Personal browsing

What Zeflin will never do

  • Block your work. AI content you paste into emails, docs, or tickets is never blocked — you may be asked to acknowledge it, but the paste always goes through.
  • Score or discipline you automatically. Nothing here is an auto-score or an auto-action. A human reviews anything that matters.
  • Touch your personal life. Personal accounts, personal webmail, and personal browsing are never captured — only approved AI tools and your declared work destinations.

How long it's kept

Captured content is retained for 90 days, then hard-deleted — permanently removed, not archived.

No secondary use

This data is not sold, used for advertising, or used to train any AI model. It exists only to govern the AI data boundary for your employer.

Full notice text · 2026-05-US-v4
Notice of AI-tool monitoring. Your employer uses Zeflin to govern the AI data boundary. Captured: full prompts and full AI responses you send to approved AI tools (ChatGPT, Claude, Gemini), and copy/paste activity into declared work destinations (pastes stored as content hashes, not text). Not captured: personal accounts, personal webmail, or personal browsing. Retention: 90 days, then hard-deleted — no archive. No secondary use: never sold, never used to train any AI model. Monitoring is not automated discipline — a human reviews anything that matters, and inbound AI-content pastes are never blocked. California residents: the prompts and responses captured about you are your personal information — you may access, delete, or correct it through your employer's DSAR process, answered within 45 days. Capture begins only after you acknowledge this notice.
Thank you — your acknowledgment is recorded.

Monitoring is now active for your AI-tool use under notice 2026-05-US-v4. You can revisit this notice at any time.

Acknowledged
May 2, 2026
2026-05-US-v4
Next re-ack due
May 2, 2027
annual, or on a new version
Preview state