Privacy Policy

Giz Inc. ("Giz," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use Giz Space (the "Service").

By using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.

1. Information We Collect

1.1 Account Information

• Email address, display name, profile picture (optional)
• Password (stored as cryptographic hash)
• OAuth identifiers (Google, GitHub)

1.2 Payment Information

• Billing address and payment method (processed by Stripe)
• We do not store full credit card numbers
• Transaction history and invoices

1.3 User Content

• Code, files, and data in your workspace containers
• AI conversation history and prompts
• Terminal commands and session logs

1.4 Automatically Collected

• IP address, browser type, device information
• Usage data: pages visited, features used, session duration
• Error logs and performance metrics
• Cookies and session tokens

2. How We Use Your Information

• Service Delivery: Provide and operate the platform
• Account Management: Authentication, access control
• Billing: Process payments, invoicing
• AI Features: Process prompts and generate responses
• Security: Detect fraud, abuse, and unauthorized access
• Support: Respond to inquiries and provide assistance
• Analytics: Improve service quality and performance
• Legal: Comply with laws and protect our rights

3. AI Data Processing

3.1 How AI Features Work

When you use AI features, your code and prompts are sent to third-party AI providers (currently Anthropic) for processing. The AI provider generates responses that are returned to you through our Service.

3.2 Training Data

Your data is not used to train AI models. We use Anthropic's API which does not train on customer data by default.

3.3 AI Provider Data Retention

AI providers may retain input/output data for safety monitoring and abuse prevention for a limited period (typically 30 days). See Anthropic's privacy policy for details.

3.4 Sensitive Code

We recommend not submitting highly sensitive code (e.g., proprietary algorithms, credentials, personal data) to AI features. Use environment variables and secrets management instead.

4. Legal Basis for Processing

For users in jurisdictions requiring a legal basis (EU/EEA/UK):

• Contract: Processing necessary to provide the Service
• Legitimate Interests: Security, fraud prevention, analytics
• Legal Obligation: Compliance with applicable laws
• Consent: Where explicitly obtained (e.g., marketing)

5. Information Sharing

5.1 We Do Not Sell Data

We do not sell your personal information to third parties.

5.2 Service Providers

5.3 Legal Disclosure

We may disclose information when required by law, court order, or government request, or to protect our rights, safety, or the safety of others.

5.4 Business Transfers

In the event of a merger, acquisition, or asset sale, your information may be transferred. We will notify you of any such change.

6. Data Retention

• Account Data: While active; deleted within 30 days of account termination
• User Content: While active; deleted within 30 days of account termination
• Payment Records: 7 years (legal/tax requirements)
• Usage Logs: 90 days
• AI Conversations: 90 days (deletable anytime via settings)
• Backups: 30 days after deletion request

7. Security

We implement reasonable security measures:

• TLS encryption for data in transit
• Encryption at rest for sensitive data
• Secure password hashing (bcrypt)
• Container isolation between users
• Role-based access controls
• Regular security assessments

No system is 100% secure. You are responsible for protecting your account credentials. Report security concerns to support@giz.ai.

8. International Transfers

Giz is based in the United States. Your data may be transferred to, stored, and processed in the US or other countries where our service providers operate. Data protection laws may differ from your jurisdiction.

For EEA/UK/Swiss users, we rely on Standard Contractual Clauses and your consent for transfers.

9. Your Rights

9.1 General Rights

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data
• Portability: Request data in machine-readable format
• Opt-out: Unsubscribe from marketing emails

9.2 California Residents (CCPA/CPRA)

• Right to know what data we collect and how we use it
• Right to delete your personal information
• We do not sell personal information
• Right to non-discrimination for exercising your rights

9.3 EU/EEA/UK Residents (GDPR)

• All rights listed above, plus restriction of processing
• Right to object to processing based on legitimate interests
• Right to lodge a complaint with your supervisory authority

To exercise any of these rights, contact support@giz.ai or use your account settings. We will respond within 30 days (or as required by law).

10. Cookies

• Essential: Authentication, session management, security
• Functional: Preferences, settings
• Analytics: Aggregated usage data (no personal tracking)

You can manage cookies in your browser settings. Disabling essential cookies may prevent the Service from functioning properly.

11. Children's Privacy

The Service is not intended for users under 18. We do not knowingly collect data from children. If you believe we have collected such data, contact us at support@giz.ai.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days notice via email or in-app notification. Continued use after changes constitutes acceptance.