Data Retention & Deletion
Questions: [email protected].
Retention Principles
Enji Guard should retain data only as long as needed to provide, secure, and support the service, meet legal obligations, resolve disputes, and maintain auditability.
Product reports, metrics, task/activity history, and operational logs are retained without a fixed time-based deletion schedule because they are operational records and part of the value Enji Guard provides to customers. They may remain available until the relevant project, repository, website, public summary, or account is deleted, revoked, or offboarded where supported.
Unlinking or revoking access to a repository stops future repository-backed use where supported, but it does not automatically delete historical audits, reports, task history, or operational records. Enji.ai keeps those records for security, investigation, auditability, and product-history purposes unless the customer sends a deletion request to [email protected].
Deletion and offboarding requests sent to [email protected] are processed within a maximum of 30 days. Customers may ask Enji.ai to delete all data associated with their account, project, repository, or website from Enji.ai active product systems where supported. Self-service deletion through the product interface is in development and should not be described as generally available until it ships.
Deletion from the active product may not immediately delete data from backups, logs, legal records, or admin audit records.
Enji.ai keeps one full-system rolling backup at a time. The backup is retained until the next backup replaces it, normally for no more than 30 days. Enji.ai does not keep a chain of all historical backups for Enji Guard. Data deleted from active product systems may remain in the rolling backup until that backup is replaced.
Retention Table
| Data category | Current understanding | Retention note |
|---|---|---|
| Account data | Owned by the Enji Fleet agents orchestrator; Enji Guard may mirror contact data for notifications/admin UX | Deletion/offboarding requests sent by email are processed within 30 days; self-service deletion UI in development |
| Project/repo/site metadata | Stored by Enji Guard for product dashboards and setup flows | Covered by 30-day email deletion/offboarding path; rolling-backup caveat |
| GitHub installation claims | Stored per user installation/account | Covered by 30-day email deletion/offboarding path after revoke/delete |
| Runtime repository workspaces | Temporary isolated containers; removed with cloned repository code after task completion | No full repository clone retention |
| Task/activity data | Retained without a fixed time-based deletion schedule as customer-visible task history and operational records; repo unlink does not automatically delete history | Covered by 30-day email deletion/offboarding path; backup/audit exceptions |
| Audit/recon reports | Retained without a fixed time-based deletion schedule as product reports for security and investigations; may include metrics, logs, snippets, findings | Covered by 30-day email deletion/offboarding path; backup/audit exceptions |
| Autofix reports | Retained without a fixed time-based deletion schedule as product reports with issue/PR links; repo unlink does not automatically delete reports | Covered by 30-day email deletion/offboarding path; backup/audit exceptions |
| Auto-pentest consent | Stored separately from the job and may survive disable/re-enable; renewed confirmation required on target/scope/ownership changes, reconnects, or after 12 months | Retained for auditability; deletion path subject to security/audit exceptions |
| Auto-pentest reports | Retained without a fixed time-based deletion schedule as product reports; may contain sensitive vulnerabilities | Private/authenticated by default; authorized users only; 30-day email deletion path |
| Public/private summaries | Private/authenticated by default; public/indexable only after explicit owner opt-in; retained until made private, revoked, deleted, or offboarded where supported | Public access can be revoked; deletion uses 30-day email/offboarding path |
| Feedback messages/screenshots | User-submitted feedback may be processed through third-party communication/support tooling and does not persist in the Enji Guard DB | User is responsible for not submitting secrets or unnecessary Customer Content |
| Email send ledgers | Retained without a fixed time-based deletion schedule for notification reliability and operational debugging | Covered by 30-day email deletion/offboarding path; backup/audit exceptions |
| Admin audit log | Append-only operational/audit record retained without a fixed time-based deletion schedule | Security/legal/audit records may be retained where required |
| Backups | One full-system rolling backup retained until the next backup replaces it, normally for no more than 30 days | Used for recovery; deleted active data may remain until backup replacement |
Deletion Controls
Depending on product role and configuration, customers can:
- delete projects, repositories, and websites in Enji Guard;
- disable schedules and improvement jobs;
- revoke GitHub App access in GitHub;
- make public summaries private or revoke them;
- contact [email protected] for access, export, correction, deletion, or offboarding requests, including a request to delete all data associated with the customer’s account, project, repository, or website.
Enji.ai reviews and handles access and export requests sent to [email protected]. Self-service export is not promised in this policy.
Enji.ai processes deletion and offboarding requests sent to [email protected] within a maximum of 30 days. Self-service deletion through the product interface is in development.
Deletion Effects
Unlinking, deleting, or revoking access to a project or repository should stop future product use of that object where supported. It may also cancel or pause related tasks/schedules depending on implementation.
Historical audits, reports, task history, and operational records remain in Enji.ai databases by default for security, investigation, auditability, and product-history purposes. If a customer wants those records deleted, they can send a deletion request to [email protected]; Enji.ai processes deletion and offboarding requests within a maximum of 30 days.
Existing reports, logs, artifacts, email records, admin audit records, or backups may remain after deletion from the active product where needed for operations, security, legal reasons, backup integrity, or auditability.
Because Enji.ai keeps one full-system rolling backup, data deleted from active product systems may remain in that backup until it is replaced by the next backup, normally within 30 days.
Data already sent to AI providers, coding tools, GitHub, email providers, feedback tooling, or other subprocessors may also be subject to those providers’ own public retention, security, and abuse-monitoring terms.
Customers are responsible for the content they submit through feedback and support channels and should not include secrets, credentials, unrelated personal data, or unnecessary Customer Content in feedback messages or screenshots.
Future Product Updates
When self-service deletion through the product interface ships, update this page to describe that flow.
