Privacy

How Guni handles data

This page explains the hosted-product privacy posture in plain English for prospects, design partners, and customers evaluating the service.

What we collect

Depending on the product area you use, Guni may process account information, API-key metadata, billing state, waitlist or pilot requests, and scan-related telemetry such as page HTML, agent goal, decision output, and evidence returned by detectors. Demo-mode browser sessions are intentionally treated differently and are not meant to persist like normal customer traffic.

How we use it

  • To authenticate accounts, issue API keys, and support the customer portal.
  • To return security decisions, evidence, analytics, and audit visibility for customer workflows.
  • To operate the hosted service, respond to support issues, and improve product reliability.
  • To handle early-access, pilot, and commercial conversations when you explicitly submit those forms.

Retention

Hosted customer state is retained in the configured application datastore and runtime logs according to the deployment setup. Demo-only browser history is designed to stay session-local in the browser and should not be treated as durable customer storage. Self-hosted deployments control their own retention posture.

Customer controls

  • Self-host the SDK or API for tighter control over runtime data.
  • Use production API keys and session auth instead of public demo routes.
  • Request account updates or deletion help via arihantprasad45@gmail.com.
  • Review the public trust posture on Security and live availability on Status.