Last updated: November 3, 2025

1. Data Controller

Zeder LLC ("selenios.com"), registered in the State of Delaware, is responsible for the processing of personal data we collect and process through our website and application. Responsible: Julián Bender.

2. Scope of this Policy

This Privacy Policy regulates the collection, processing, and storage of personal data in relation to the use of selenios.com services. We are committed to complying with privacy and data protection laws in force in the jurisdictions where we operate, as well as following the Data Protection Principles of the Ibero-American Data Protection Network (RIPD).

3. Data Protection Officer (DPO)

selenios.com has appointed a Data Protection Officer (DPO) to oversee compliance with privacy and data protection regulations, as well as to serve as a point of contact between selenios.com, its clients, and data protection authorities.

DPO Identity: The appointed DPO is Julián Bender, who possesses the necessary experience and knowledge in data privacy legislation and practices.
DPO Contact: For any inquiries or requests regarding data privacy, the DPO can be contacted at: dpo@selenios.com

DPO Functions:

Compliance Oversight: Monitor selenios.com's compliance with local and international data protection regulations.
User Request Management: Facilitate and coordinate the exercise of data subjects' rights.
Advisory to selenios.com: Provide guidance on best practices and obligations in handling personal data.
Authority Relations: Act as a point of contact with data protection authorities.
Security Incident Management: Advise on the management of data security incidents.

4. Data Classification

selenios.com classifies personal data according to its sensitivity level:

Confidential Data: Highly sensitive data requiring the highest levels of protection.
Restricted Data: Information requiring significant protection and limited access.
Public Data: Information intended for public consumption.

5. Role of selenios.com in Data Processing

When selenios.com is the Data Controller: In situations where selenios.com interacts directly with users and obtains their explicit consent.

When selenios.com is the Data Processor: In situations where selenios.com processes data on behalf of the client.

6. Data Subject Rights

In compliance with local regulations, selenios.com guarantees the exercise of the following rights:

Access: right to know what personal data we have.
Rectification: request the update or correction of incorrect data.
Deletion and Opposition: right to request deletion or suspension of processing.
Portability: right to receive data in a structured format.
Processing Limitation: right to restrict data processing.

To exercise these rights, contact us at: dpo@selenios.com

7. Use of Cookies and Similar Technologies

selenios.com uses cookies and similar technologies to improve user experience.

Types of Cookies We Use:

Essential Cookies: Necessary for basic site functionality.
Performance Cookies: Help us understand how users interact with our site.
Functionality Cookies: Allow remembering user preferences.
Marketing Cookies: Used to deliver relevant advertisements.

8. Data Retention and Deletion

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Once data is no longer needed, it will be securely deleted.

9. International Data Transfers

selenios.com will ensure that any transfer of personal data to third countries is carried out in accordance with required protection levels.

10. Data Security

We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, alteration, loss, or improper disclosure.

11. Changes to this Policy

This Policy may be modified to reflect updates in our services or regulatory changes. Users will be notified of any significant modifications.

12. Contact

For inquiries or questions about this Policy or the processing of your personal data, contact us at: dpo@selenios.com

Security and Information Management Policy

Last updated: October 15, 2025

1. Introduction

This document has been prepared by the Engineering Department of Zeder LLC with the purpose of presenting a detailed and comprehensive description of the security measures, policies, and protocols applied in protecting the services this corporation offers. The confidentiality, integrity, and availability of information handled by Zeder LLC represents an unwavering commitment for the company, which is evidenced through the implementation of advanced security strategies, in line with international cybersecurity industry models and regulations.

Zeder LLC, an organization specialized in recording and storing corporate video calls, captures and hosts virtual interactions within a security framework that preserves the privacy of both participants and data handled during such communications. Services are marketed under the brand and platform selenios.com.

2. Organizational Context

Zeder LLC positions itself as a regional leader in providing AI-powered recruitment services with a particular emphasis on information security. The organization complies with rigorous security controls to ensure that each phase of the recording, storage, and access process for video calls is governed by data protection and user privacy principles. The customer-facing operational platform is selenios.com.

3. Security Infrastructure and Architecture

The technological infrastructure of Zeder LLC is designed to form a secure and resilient ecosystem. The design of its technological architecture includes multiple security layers, including next-generation firewalls, intrusion detection and prevention systems (IDS/IPS), and Network Segmentation solutions to control data traffic flow and prevent unauthorized access to internal systems.

The infrastructure of the various applications owned by Zeder LLC is primarily hosted on Amazon Web Services (AWS) following the main security standards.

4. Video Call Recording Procedures

Video calls are recorded from the synchronization of calendars of each selenios.com user. selenios.com users in their meetings are responsible for notifying other participants that the session is being recorded by selenios.com.

Sessions are captured using secure automated tools that ensure recording fidelity and protection against any improper manipulation.

5. Data Storage Policies

Zeder LLC employs Amazon Web Services (AWS) S3 services for video call storage. AWS was chosen due to its demonstrated commitment to computer security, offering features such as client-side encryption, detailed access logs, and geographic data replication options to increase availability and durability.

Information generated by selenios.com is stored in MongoDB databases on MongoDB Atlas Cloud servers.

6. Artificial Intelligence

Zeder LLC / selenios.com uses the services and models of OpenAI and ElevenLabs through their API. OpenAI and Eleven Labs publicly state that they do not train their models with information that Zeder LLC / selenios.com sends to their servers. Information on OpenAI and Eleven Labs servers is encrypted using AES-256 and is SOC2 compliant.

References:

7. Access and Identity Management

The access policy of Zeder LLC ensures that only previously authorized and authenticated personnel can access information. Following the principle of least privilege, strict permissions are assigned that suit the role each user performs within the client organization. Additionally, access to video calls is compartmentalized by organization, meaning users can only access calls relevant to their corporate scope.

8. Data Encryption and Secure Transfer

All information, both in transit and at rest, is encrypted using recognized and strong algorithms, such as Advanced Encryption Standard (AES) for encryption at rest, and TLS for encryption in transit. This level of protection ensures that data is secure against interceptions and unauthorized access during transmission and storage.

9. Monitoring and Incident Management

The infrastructure of Zeder LLC is continuously monitored to detect and respond to any anomalous activity. The company has an Incident Response Team (CERT) that operates in collaboration with advanced monitoring solutions to act diligently upon any indication of compromise.

10. Resilience Strategies and Contingency Plans

Aware of the inherent risks in data management, Zeder LLC has established a solid business continuity and disaster recovery plan. This plan includes the use of automatic backups and redundancy strategies to ensure quick and effective recovery of information in case of unforeseen situations.

11. Workforce Education and Awareness

Training and awareness in security matters are cornerstones for Zeder LLC. The organization invests in continuing education programs for its personnel, ensuring that each member of the company is aware of industry best practices and actively participates in safeguarding information security.

12. Employee Access Limitation and Account Protection

Zeder LLC operates under a strict "privacy by design" policy which imposes firm barriers around the information its employees can access. Only access to information necessary to perform assigned functions is permitted, and under no circumstances is employee access to video call recordings authorized without legitimate and documented cause. Additionally, all Amazon Web Services (AWS) accounts used in data management and storage are fortified with two-factor authentication (2FA), ensuring that even in the event of a possible breach of security credentials, systems will continue to be protected by an additional security layer that requires a second form of verification before allowing access.

13. Continuous Security Audits and Reviews

The security framework of Zeder LLC is subject and exposed to constant testing including internal and external audits, penetration testing, and vulnerability assessments. These examinations are vital to maintaining a consistent and evolving security posture against the changing dynamics of cyber threats.

14. Contact and Policy Updates

The IT security policies and procedures of Zeder LLC are subject to regular reviews to adapt to new technologies and emerging threats. For inquiries or specific requests for additional security information, the following contact is provided: dpo@selenios.com.

Annex: Google Integrations (Calendar)

"Google API Services User Data Policy" Compliance

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

English canonical wording (required by Google): "Our use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements."

1. Google Data We Access (Data Accessed)

Google Calendar (to display availability, propose and schedule interviews)

Events: title, description, start and end time, time zone, participants/attendees, video call links (e.g., Google Meet), location and response status.
Availability: free/busy windows to suggest and confirm meetings.
Profile information: user's email address for identification.

Exact scopes:

https://www.googleapis.com/auth/calendar.readonly (read events and availability)
https://www.googleapis.com/auth/calendar.events (create, read and modify events)
https://www.googleapis.com/auth/userinfo.email (obtain user email)

2. How We Use the Data (Data Usage)

Provide visible functions requested by the user: view availability, propose/create/update calendar events.
We do not sell data, we do not use it for advertising targeting or profiling for marketing purposes.
Human access: is prohibited, except for (a) explicit user consent; (b) legal obligation; or (c) security/abuse (e.g., investigating an incident).
Minimization principle: we request and process only the data necessary for the authorized function.

3. Third-Party Sharing (Data Sharing)

We share data exclusively with Amazon Web Services (AWS), which acts as infrastructure and storage processor/subprocessor under contract. AWS processes data only following our instructions, with equivalent security measures and without the right to use it for its own purposes.

Beyond the above, we do not share Google data with third parties except for legal obligation or user consent, in accordance with Limited Use exceptions.

4. Storage, Security and Retention (Storage & Security)

OAuth Tokens: stored encrypted and with role-restricted access; periodic rotation.
Encryption: data protected in transit (TLS) and at rest.
Logs and derived data: we retain only minimum necessary identifiers and states (e.g., event IDs and operational flags) for service continuity.
Retention: we maintain Calendar data while the integration is active and as necessary for providing the authorized functionality.
Deletion: upon deactivating the integration or closing the account, we revoke tokens immediately and delete associated Google synced data within a maximum of 30 days (rotative backup copies purged in ≤ 90 days), except for legally required retentions.

5. User Control: Revocation and Deletion (Revocation & Deletion)

Revoke permissions in Google: the user can withdraw access at any time from their Google Account → Security → Third-party apps with account access → Manage access (also available at myaccount.google.com/permissions).

From Selenios: the user can deactivate the integration and/or request deletion of their account and synced data by writing to dpo@selenios.com; we process the deletion according to the timeframes in point 4.

6. In-Product Notices

We display clear notices alongside functions that use Google data (e.g., when connecting Calendar or creating an event), indicating what data will be used and for what purpose, before the user confirms.

7. Changes and Verification

If we expand the scope of data or its use, we will update this section and, when applicable, request additional verification from Google before requesting new permissions.