Last updated: June 24, 2026
Overview
This page explains how data flows through z3t.ai when Customers create, publish, and run AI-powered Agents and workflows.
It is intended to help Customers, Creators, security teams, procurement teams, and privacy professionals understand:
- who is responsible for different types of processing;
- when data is processed by AI providers;
- how integrations work;
- what role Appesco B.V. plays;
- what data may leave the Platform.
This page should be read together with our:
The Roles Involved
Appesco B.V.
Appesco B.V. operates the z3t.ai Platform.
Our role is to provide:
- infrastructure;
- workflow execution;
- authentication;
- storage;
- billing;
- security controls;
- operational tooling.
Appesco B.V. generally does not determine the business purpose of Creator-built Agents.
Creators
Creators create and configure Agents.
Creators determine:
- what an Agent does;
- what prompts are used;
- which AI models are selected;
- which integrations are connected;
- what data is processed;
- what outputs are generated.
Creators are responsible for ensuring that their Agents comply with applicable laws and regulations.
Buyers and Customers
Customers choose which Agents to run and what data to provide.
Customers are responsible for ensuring that they have the right to submit data to an Agent.
Typical Data Flow
A simplified workflow generally follows this pattern:
Customer
↓
Agent
↓
AI Provider(s)
↓
Optional Integrations
↓
Response Returned
The exact flow depends entirely on how the Creator configured the Agent.
Not every Agent uses every component.
What Happens When You Run an Agent
When a Customer executes an Agent:
- The Customer submits input.
- The Platform executes the workflow configured by the Creator.
- Data may be sent to one or more AI providers selected by the workflow.
- Data may be sent to integrations configured by the workflow.
- The resulting output is returned to the Customer.
The specific providers involved depend on the Agent's configuration.
AI Providers
Some Agents use third-party AI providers to generate outputs.
Examples may include:
- OpenAI
- Anthropic
- additional providers added in the future
AI providers are only involved when a workflow is configured to use them.
A request is not automatically sent to every provider supported by the Platform.
Current providers are listed on our Subprocessors page.
Integrations
Creators may connect Agents to external systems.
Examples include:
- CRM systems;
- internal databases;
- APIs;
- communication platforms;
- productivity tools;
- MCP servers;
- custom services.
These integrations are selected and controlled by the Creator.
Appesco B.V. does not generally determine the purpose of those integrations and does not review the business logic of individual workflows.
Creator Responsibility
Creators are responsible for:
- Agent behavior;
- workflow logic;
- prompts and instructions;
- connected integrations;
- compliance with applicable laws;
- disclosures made about their Agents.
Creators are also responsible for ensuring that personal data is processed lawfully.
Additional information is available in our Terms and Conditions.
Appesco's Role
Appesco B.V. provides the infrastructure used to execute workflows.
Our responsibilities generally include:
- Platform availability;
- authentication;
- billing;
- security controls;
- workflow execution;
- storage and retention controls;
- operational monitoring.
Appesco B.V. does not guarantee:
- the accuracy of Agent outputs;
- the legality of Creator-built workflows;
- the correctness of prompts;
- the suitability of outputs for any particular purpose.
Data Retention
By default:
| Data Type | Typical Retention |
|---|---|
| Run inputs | Approximately 3 days |
| Run outputs | Approximately 3 days |
| Uploaded files | Approximately 3 days |
| Billing records | As required by law |
| Security logs | As reasonably necessary for security purposes |
Retention periods may change as Platform features evolve.
Additional information is available in our Privacy Policy.
Automated Operations
The Platform is designed around automation-first operational principles.
Where practical, operational processes are performed through software and infrastructure automation rather than manual handling of customer data.
Examples include:
- workflow execution;
- infrastructure provisioning;
- monitoring and alerting;
- retention enforcement;
- backups;
- billing processes;
- payout processing.
This approach helps reduce operational risk and minimizes unnecessary access to customer data.
Additional information is available on our Security page.
Security
We implement technical and organizational measures designed to protect Platform infrastructure and customer data.
Examples include:
- encryption in transit;
- encryption of sensitive stored credentials;
- authentication controls;
- access controls;
- monitoring and logging;
- backup and recovery processes.
For details, see our Security page.
International Data Transfers
Depending on the AI providers and integrations used by a workflow, data may be processed outside the European Economic Area or the United Kingdom.
Where required by applicable law, Appesco B.V. implements appropriate safeguards for international transfers.
Additional information is available in our:
Questions
Questions regarding AI processing or data flows may be directed to:
Appesco B.V.
Voorburg, The Netherlands
Email: [email protected]