Enji
Start free demo

Privacy Policy

Effective date: 7 June 2026

Enji Guard is provided by Enji.ai. For privacy, legal, security, or support questions, contact us at [email protected].

1. What Enji Guard Does

Enji Guard helps customers understand and improve the reliability, security, and quality of their software. Customers may be individuals, companies and other organizations, or maintainers of open-source projects. Customers connect repositories and websites, run audits, review reports, schedule improvement jobs, and, where enabled, let agents open GitHub issues or pull requests.

Enji Guard is intended for global availability. Privacy, export, correction, or deletion requests can be sent to [email protected].

Selected work is executed by the Enji Fleet agents orchestrator. Enji Guard is the customer-facing product layer. The Enji Fleet agents orchestrator handles agent execution, task lifecycle, runbooks, schedules, artifacts, authentication, and permissions.

2. Data We Collect

We collect and process data needed to provide, secure, and support Enji Guard.

Account Data

This may include your user id, email address, display name, role, account status, access-code state, language preference, notification preferences, and Demo/Pro product mode.

Authentication is handled through the Enji Fleet agents orchestrator and may use Google OAuth or another configured identity flow.

Product Data

This may include project names, repository names, website URLs, project membership and access metadata, favorite/reorder preferences, dashboard settings, selected audit actions, schedules, and product configuration.

GitHub App Data

When you connect GitHub, we may process GitHub App installation identifiers, GitHub account or organization names, selected repository names, repository verification metadata, branches, commits, pull requests, issues, and related metadata needed to run selected actions.

Execution Data

This may include runbook ids, task ids, schedule ids, task status, task activity, progress messages, task descriptions, output language, issue links, pull-request links, report links, and generated artifacts.

Customer Content

Customer Content may include repository code and files processed during execution, website responses observed during authorized checks, task inputs, agent prompts created from your settings, generated reports, typed JSON artifacts, markdown reports, executive summaries, GitHub issues and pull requests, feedback messages, and screenshots you submit.

You are responsible for the content you submit through feedback and support channels. Do not include secrets, credentials, unrelated personal data, or unnecessary Customer Content in feedback messages or screenshots.

Communication Data

This may include demo requests, Pro requests, support or feedback messages, email notification records, and delivery metadata.

Technical Data

This may include IP address, request metadata, browser/device metadata, cookies, local/session storage values used by the product, logs, and security events.

3. Repository Code And Website Data

Enji Guard stores product metadata about repositories and websites so the dashboard can show projects, connected repositories, linked sites, schedules, reports, and history.

The Enji Fleet agents orchestrator may clone, read, analyze, or modify selected repositories only to perform actions you request or configure, such as audits, reports, autofixes, scheduled improvement jobs, and GitHub issue or pull-request creation.

Repository workspaces are temporary. Repository-backed tasks run in isolated containers, and those containers are shut down and removed with the cloned code after the task completes. Enji Guard and the Enji Fleet agents orchestrator do not retain full repository clones after task completion.

For authorized website checks, the Enji Fleet agents orchestrator may send requests to the selected website and observe responses only to perform the selected check. Some checks may include active security-testing payloads after you confirm authorization.

Reports and artifacts may include file paths, line references, code snippets, diffs, stack traces, HTTP responses, screenshots, reproduction steps, metrics, logs, vulnerability descriptions, and remediation recommendations. These records are retained because they are operational records and part of the value Enji Guard provides. Treat these reports as confidential.

4. AI Data Use

Enji Guard does not train or operate its own foundation models.

Enji Guard uses approved third-party AI model providers so the Enji Fleet agents orchestrator can perform selected work. Customer code and task data should be sent only to approved providers and routes with documented public data-use and retention terms. Some provider routes may retain limited abuse-monitoring logs or other technical state according to the provider’s published terms.

Customers with strict provider, residency, or retention requirements can contact Enji.ai about a separately priced and contracted on-premises or customer-controlled deployment where the customer chooses and controls which AI providers are connected to that environment.

We do not sell Customer Content. We do not use Customer Content to train Enji-owned foundation models.

More detail is available in AI Data Use.

5. How We Use Data

We use data to:

  • authenticate and authorize users;
  • connect and verify GitHub repositories;
  • run audits, reports, autofixes, schedules, and authorized website checks;
  • render dashboards, history, reports, and executive summaries;
  • create GitHub issues, pull requests, comments, or related output when you enable those actions;
  • send transactional emails and product notifications;
  • respond to demo, support, Pro, privacy, security, and feedback requests;
  • debug, monitor, secure, prevent abuse, and maintain the service;
  • comply with legal obligations.

6. Sharing And Subprocessors

We share data with subprocessors only as needed to provide, secure, and support Enji Guard.

Subprocessors may include GitHub, Google/Google Cloud for OAuth sign-in and hosting, approved AI model and coding tool providers, email providers, Cloudflare for CDN/security edge, and third-party communication/support tooling for feedback handling.

Database, object-storage, observability, logging, and backup/restore components are open-source or self-hosted technologies rather than separate third-party subprocessor vendors in this policy.

The current list is available in Subprocessors.

We do not sell personal data or Customer Content.

7. Cookies And Browser Storage

Enji Guard and the Enji Fleet agents orchestrator may use cookies and browser storage for authentication, session handling, language preference, theme preference, saved setup-flow state, and local development.

Known examples include:

  • authentication cookies issued by the Enji Fleet agents orchestrator;
  • enji-guard.lang cookie and localStorage language hint for the public landing page;
  • localStorage theme preference;
  • sessionStorage state used during the GitHub App setup flow;
  • local development token storage in development-only flows.

8. Public Executive Summaries

Enji Guard can generate repository executive summaries from completed audit reports.

By default, summaries are private and visible only inside Enji Guard to authorized users after authentication.

A summary becomes publicly accessible or indexable only if the owner explicitly chooses to publish it after seeing a warning. Public summaries may be viewed by anonymous visitors and may be indexed by search engines until the owner makes the summary private, revokes access, or deletes it where supported.

Do not publish or index a summary if it contains information you do not want shared outside your organization.

9. Human Access

Enji personnel may access customer data only when needed for support, security, incident response, abuse prevention, maintenance, or authorized engineering operations.

Access should be limited to people with a need to know. Where admin access logs exist, they should be used to support accountability.

Support engineers do not inspect repository code for ordinary support requests. For ordinary troubleshooting, support engineers may review service logs and operational metadata when a customer reports that something did not work as expected.

If Enji.ai detects or reasonably suspects a security incident, abuse, malicious prompt injection, harmful agent instruction, attempted misuse of the service, or activity that may harm Enji.ai, other customers, third parties, or the public, authorized security personnel may investigate relevant repository content, generated artifacts, task inputs, logs, and related records without a separate customer approval step. Enji.ai may escalate such incidents to appropriate law-enforcement or regulatory authorities when required or appropriate.

10. Retention And Deletion

We retain data for as long as needed to provide the service, maintain security, meet legal obligations, resolve disputes, and support legitimate business operations.

Product reports, metrics, task/activity history, and operational logs are not subject to a fixed time-based deletion schedule because they are operational records and part of the value Enji Guard provides.

Deletion and offboarding requests sent to [email protected] are processed within a maximum of 30 days. You may ask Enji.ai to delete all data associated with your account, project, repository, or website from Enji.ai active product systems where supported. Self-service deletion through the product interface is in development.

Unlinking or revoking access to a repository stops future repository-backed use where supported, but it does not automatically delete historical audits, reports, task history, or operational records. Enji.ai keeps those records for security, investigation, auditability, and product-history purposes unless you send a deletion request to [email protected].

Enji.ai keeps one full-system rolling backup at a time. The backup is retained until the next backup replaces it, normally for no more than 30 days. Data deleted from active product systems may remain in the rolling backup until that backup is replaced. Some data may also be retained in audit records after deletion from the active product where needed for security, legal reasons, or auditability.

Current retention details are documented in Data Retention & Deletion. Self-service export is not promised in this policy.

11. Your Controls

Depending on your role and product configuration, you can:

  • revoke GitHub App access from GitHub;
  • delete projects, repositories, and websites in Enji Guard;
  • disable schedules and improvement jobs;
  • make public summaries private or revoke them;
  • change language and email notification preferences;
  • contact [email protected] to request access, export, correction, deletion, or offboarding. Enji.ai will review and handle access and export requests sent by email. You may also ask Enji.ai to delete all data associated with your account, project, repository, or website. Email deletion and offboarding requests are processed within a maximum of 30 days; self-service deletion through the product interface is in development.

12. Changes

We may update this Privacy Policy as Enji Guard changes. The effective date identifies the current version.

This Privacy Policy does not include dedicated regional privacy-rights sections, separate DPA terms, or a subprocessor-change notice workflow.