Privacy
Privacy Policy
Effective date: June 18, 2026
Enji Guard is designed for teams that need visibility into AI-written code without losing control of code, policies, or sensitive project data. This policy explains what we process and why.
1. What this policy covers
This Privacy Policy explains how Enji Guard handles information when you visit our website, request a demo, run a project check, use the product, or deploy Enji Guard in your environment.
It applies to website visitors, customer contacts, administrators, users, and people whose information may appear in project materials submitted to the Service. Enji Guard is provided by Enji.ai. In this policy, “the Service” means Enji Guard together with the Enji Fleet agents orchestrator. You can contact us at [email protected].
For customer project data processed during audits, we generally act as a processor on the customer's behalf; for website and account data, we act as a controller. Where we act as a processor, your instructions and any signed data processing agreement govern.
2. Information we collect
We collect the following categories of data:
- Account data — user id, email, name, role, account status, language and notification preferences.
- Product data — project, repository, and website names, membership and access metadata, dashboard settings, selected audit actions, and schedules.
- GitHub App data — installation identifiers, account/organization names, selected repository names, and related metadata such as branches, commits, pull requests, and issues.
- Execution data — runbook, task, and schedule ids, task status and activity, progress messages, issue/pull-request/report links, and generated artifacts.
- Customer content — repository code and files processed during execution, website responses observed during authorized checks, task inputs and prompts, and generated reports, findings, issues, pull requests, feedback, and screenshots.
- Communication data — demo and plan-upgrade requests, support and feedback messages, and email notification records.
- Technical data — IP address, request and device metadata, cookies and local/session storage values, logs, and security events.
3. Repository code and website data
Customer code and project data are processed to run audits and provide the Service. Execution workspaces are ephemeral and are removed after each task.
Reports, artifacts, and audit history may retain selected customer content — for example file paths, code snippets, diffs, observed HTTP responses, logs, screenshots, reproduction steps, and remediation recommendations — as product records.
You should configure repository access and permissions so the Service receives only the data needed for the audit scope you choose.
4. AI data use
Enji Guard does not train or operate Enji-owned foundation models on customer content. Selected task context and customer content may be sent to approved third-party AI and coding providers under their own data-use and retention terms.
We do not sell customer code or personal data, and we do not use it for unrelated advertising. Self-hosted and customer-controlled deployments can restrict approved providers and routes by agreement, including bring-your-own-AI with customer-controlled AI provider routes or credentials. See the AI Data Use page for details.
5. How we use information
To provide audits, generate findings, produce reports, support deployments, troubleshoot issues, and improve product reliability.
To respond to demo requests, free project checks, support tickets, procurement questions, security reviews, and customer communications.
To protect the Service, prevent abuse, investigate security events, enforce terms, and comply with legal obligations.
6. Sharing and subprocessors
We share information with categories of service providers that help us operate the Service: repository hosting and integration, authentication, approved AI and coding providers, transactional email, feedback and support tooling, CDN and security edge, and hosting and infrastructure. The current list of named providers is available on request.
We may also share information when required by law, to protect rights and security, in connection with a business transaction, or with your consent. We do not sell personal information. See the Subprocessors page for the provider categories.
7. Cookies and browser storage
We use cookies and browser storage for authentication and sessions, language and theme preferences, setup state, and basic product and usage analytics.
Where required, we ask for consent to non-essential cookies, and you can manage preferences in your browser.
8. Human access
Access to customer content by our team is limited to support, security, incident response, and abuse prevention, on a least-privilege, need-to-know basis.
9. Retention and deletion
We keep information for as long as needed to provide the Service, maintain audit history, support customers, comply with legal obligations, resolve disputes, and enforce agreements. Retention is purpose-based and may differ by data type, deployment model, and agreement.
Execution workspaces are temporary, while reports, findings, artifacts, logs, and audit history are retained as product records. Revoking access or deleting a project stops future use but does not automatically delete historical records. You can request deletion or offboarding at [email protected]. Some records may remain in backups, logs, or audit records for a limited period and where required for legal or security reasons. See the Data Retention & Deletion page.
10. International use
Enji Guard may be used by customers in multiple regions. Information may be processed in countries other than where it was collected, depending on the deployment model and service providers involved.
Where required, we use appropriate contractual or technical safeguards for cross-border processing.
11. Your choices and rights
Depending on your location, you may have rights to access, correct, delete, restrict, or export personal information, or object to certain processing. You can also revoke the GitHub App, delete projects, repositories, or sites, and disable schedules and jobs; this stops future use, while retained product records are handled as described in “Retention and deletion” above.
You can contact us at [email protected] to make a request; we may need to verify your identity and authority first. Data processing agreements, regional privacy terms, and subprocessor-change commitments are available through signed customer-specific agreements.
12. Changes to this policy
We may update this Privacy Policy as Enji Guard, deployment models, or legal requirements change. The updated version will be posted on this page with a new effective date.
Enji Guard