01Overview & scope
EgisAI ("EgisAI", "we", "us") provides a runtime governance platform for AI agents and applications.
Customers install our open-source Python SDK (egisai), point it at our control plane at app.egisai.co, and use the dashboard to define and review policies, audit traces, and behavioural signals across their AI traffic.
This policy explains what data we handle when you (a) visit our marketing pages, (b) sign up for and use the EgisAI dashboard, or (c) run an application that calls into the EgisAI SDK and forwards governance metadata to our control plane.
It does not govern data your application separately sends to upstream model providers (OpenAI, Anthropic, Google, AWS Bedrock, etc.). Those calls go directly to the provider; EgisAI is not in the network path for the model response payload itself.
Deployment-mode caveat. Deployment modes may vary. This policy describes the current SDK and control-plane deployment described above. If Customer enables a deployment mode where EgisAI proxies model payloads, tool calls, connector traffic, or full request/response content, additional data categories and processing terms may apply and will be disclosed in the applicable order form, DPA, product notice, or updated policy before production use.
02Roles: controller vs. processor
Our legal role depends on what you're doing with EgisAI:
- Account & marketing data (your dashboard email, name, organisation, marketing-page analytics) — EgisAI is the controller.
- Governance telemetry submitted by your SDK (audit events, redacted prompt previews, verdicts, end-user identifiers you choose to attach) — your organisation is the controller, EgisAI is the processor. We process this data on your instructions to operate the governance platform on your behalf.
If you require a written Data Processing Addendum (DPA) reflecting this split, email sales@egisai.co — we ship one on request and it is signed before any production rollout in regulated industries.
Where required by GDPR Article 27 or the UK GDPR, EgisAI will identify its EU and/or UK representative in this policy or in the applicable Data Processing Addendum. Enterprise customers who need this contact before signature may request it from sales@egisai.co.
03What we collect
We try to be specific. Below is the actual list, organised by where the data comes from.
Account data (dashboard sign-up)
- Your work email and (optionally) display name.
- A salted password hash (we never store the password itself), or a Single Sign-On (SSO) identity from Google, Microsoft, or GitHub. For SSO we request the minimal scopes
openid email profileonly — never your inbox, drive, calendar, repos, etc. - The organisation (workspace) name you create, and the role assigned to each member (owner / admin / member).
- Short-lived email verification codes for sign-up confirmation and password reset.
- Refresh-token records (hashed) bound to your browser session for stay-signed-in Behavior.
Operational metadata (dashboard usage)
- IP address and basic request metadata, used for rate-limiting, abuse prevention, and authentication audit (e.g. "this token was last used from this IP at this time").
- Server access logs (timestamp, route, status code, latency) retained for short windows for debugging and incident response.
- API keys you create for your SDK — stored as a SHA-256 hash, plus the first few characters of the prefix so you can identify them in the dashboard. The plaintext key is only visible at creation time and never persisted server-side.
- Your in-app onboarding state and notification preferences.
Governance telemetry (SDK → control plane)
Each time your application makes a governed AI call, the SDK emits an audit event to our control plane. Fields include:
- A trace identifier, your organisation id, agent id, and the SDK API key id that authenticated the call.
- The model provider (
openai,anthropic,google,bedrock, …) and model name; status code; latency in milliseconds; whether the call was streamed; input/output token counts and an estimated USD cost. - The policy verdict (
allow/sanitize/block), the matched rule (if any), the rule's reason code, and the per-phase decision blocks (prompt_decision/response_decision). - A bounded text preview of the request and (when applicable) the response — always sampled post-redaction (see Section 05). Detected PII has already been replaced with typed labels such as
<SSN>or<EMAIL>before the preview is built. - When a sanitize policy fired, a structured tally of the types found (e.g. "2 SSNs, 1 IBAN") and the mask shape used — never the original values, never reversible hashes.
- An auto-generated one-line natural-language summary of what the call attempted ("intent summary") for the dashboard timeline.
- Identity attributes your application chose to attach via
set_context(): user id, user role, session id, workflow id, and (optionally) an opaqueend_user_id. We hashend_user_idagain on intake so even if your application accidentally sent a raw customer identifier, we don't persist it. - Runtime fingerprint of the host process on first handshake (Python version, OS, framework versions, SDK version). No personal data.
Tool, policy, and connector metadata. Depending on Customer configuration, telemetry may also include tool names, connector categories, workflow identifiers, policy identifiers, policy configuration metadata, enforcement mode, anomaly flags, security event types, and rule evaluation metadata. Customers should not place secrets, raw regulated data, or confidential free-text content in names, labels, policy titles, or configuration fields unless the applicable agreement permits it.
Communications
Email content you send to support@egisai.co, sales@egisai.co, security@egisai.co, etc., is retained for support history and incident response.
Marketing-site analytics
Our marketing site (egisai.co) sets first-party analytics cookies to count visits, sessions, and traffic sources. They load only after you grant analytics consent through the cookie banner, are hard-disabled until then, and run with IP anonymization on and cross-site signal sharing off. The dashboard at app.egisai.co loads no analytics. Full per-cookie detail and the providers we use are listed in §12 Cookies & tracking; you can change your choice any time via the Cookie preferences link in the footer.
04How we use it
We use the data above only for the following purposes:
- Operating the platform — authenticating you, enforcing policies, recording verdicts, surfacing anomalies, generating compliance evidence on your behalf.
- Maintaining security & integrity — preventing brute-force login, detecting abusive API key usage, investigating incidents.
- Improving the product — debugging issues, measuring feature adoption, prioritising the roadmap. Where this analysis touches governance telemetry, it is performed on your data only to serve your account, and any cross-customer analysis is performed on aggregated, non-identifying metrics (counts, latencies, verdict ratios).
- Communicating with you — sign-up flows, security alerts, billing notices, occasional product updates. Marketing emails always include an unsubscribe link and are off by default while we are in beta.
- Meeting legal obligations — responding to lawful requests, defending against legal claims, complying with applicable tax/audit rules.
We do not sell or rent personal data. We do not share governance telemetry with third parties for advertising, profiling, or training.
We may use aggregated, non-identifying operational metrics — for example counts of governed calls, latency distributions, and verdict ratios — to improve the reliability, performance, and usability of the Service. We do not use customer-specific prompt, response, or telemetry content for AI-model training, fine-tuning, benchmarking, or evaluation, except with written customer opt-in.
05Local-first redaction & minimisation
EgisAI was designed under one rule: raw regulated data must not leave the SDK boundary in clear form. We enforce that with a two-phase policy engine:
- Phase 1 (local, deterministic) runs entirely inside your process. It performs PII pattern detection (SSN, credit card, IBAN, email, phone, API-key-shaped strings, and operator-configured patterns), regex deny-lists, prompt-size caps, and model-allowlist checks. If Phase 1 blocks, the call is short-circuited; no LLM judge is consulted, no remote service is contacted.
- Phase 2 (remote, intent-oriented) consults our hosted semantic-guard judge only when Phase 1 has already allowed or sanitised the call. By the time the judge sees the prompt, detected PII has been replaced with typed labels (
<SSN>,<EMAIL>, …), so the judge always operates on a data-clean copy.
The audit-event preview shipped to our control plane is sampled after redaction, so what you see on the dashboard reflects what the upstream model actually saw — never the pre-redaction original. Sanitisation tallies in the audit row record type and count only, never the raw value, and never a hash that could reverse it.
If the local PII engine errors mid-evaluation, the call is treated as if sensitive content was detected (we fail closed on PII). The product's general availability fail-open Behavior, documented in our Terms of Service, does not extend to letting raw PII through.
06No training on customer data
We do not use customer data to train, fine-tune, or evaluate any AI model — neither our own nor third-party foundation models. We do not share customer data with third parties for that purpose.
The one LLM call EgisAI makes on the governance path is the semantic-guard judge. That call goes to OpenAI's API under contractual terms that, as of the date of this policy, prohibit training on API inputs and outputs without opt-in. The data we send the judge has already been redacted by Phase 1 (see Section 05).
Auto-generated dashboard summaries (the one-line intent narrative) are produced on the same basis: a small model receives the already-redacted preview, returns a 220-character sentence, and the prompt/response pair is not retained for training.
07Retention & deletion
Governance telemetry retention is plan-bound:
| Plan | Audit-log retention | Anomaly history | Notification history |
|---|---|---|---|
| Free | 7 days | 7 days | 7 days |
| Enterprise | 90 days (extendable by contract) | 365 days | 365 days |
Other data classes:
- Account & auth records — retained for the life of the account, plus a short window after deletion for billing reconciliation and abuse defence.
- Server access logs — short-lived (typically days, not months) and used only for debugging and security.
- Backups — backup copies are encrypted at rest and overwritten on a rolling schedule, typically within 30–90 days, unless a longer period is required for security, disaster recovery, legal hold, or compliance reasons. Deletion from live production systems is initiated promptly after a verified deletion request, subject to legal and security exceptions.
- Anonymous aggregate metrics — counts of governed calls, verdict ratios, latency distributions, and similar non-identifying numbers may be retained beyond the above horizons for product analytics.
Deletion & export
You can delete your workspace and request deletion of associated data at any time from the dashboard or by emailing support@egisai.co. We will confirm completion. Enterprise plans include bulk audit-log export for use in your own retention systems; ask your account contact or email support@egisai.co.
08Subprocessors
We use a small, deliberately short list of subprocessors to operate EgisAI. We will give customers reasonable notice in this section before adding a new subprocessor that processes governance telemetry.
| Subprocessor | Purpose | Data processed | Region |
|---|---|---|---|
| Neon (Databricks Inc.) | Managed Postgres hosting for the EgisAI database | Account, telemetry, audit-log rows | United States |
| Google Cloud Platform | Compute, networking, and storage for the EgisAI backend | All data at rest and in transit on our infrastructure | United States |
| OpenAI, L.L.C. | Semantic-guard judge model (Phase 2) and auto-generated dashboard summaries | Post-redaction prompt/response text only — typed labels in place of PII | United States |
| Resend, Inc. | Transactional email (verification codes, password reset, alerts) | Recipient email address and message body | United States |
| Google (Sign-In) | SSO — only when you choose Google as your sign-in method | OpenID sub, email, display name | United States |
| Microsoft (Entra ID) | SSO — only when you choose Microsoft as your sign-in method | OpenID sub, email, display name | United States / your tenant region |
| GitHub, Inc. | SSO — only when you choose GitHub as your sign-in method | OAuth id, email, login handle | United States |
Customers may request or subscribe to subprocessor change notices by emailing support@egisai.co. Where required by an applicable DPA, customers may object to a new subprocessor on reasonable data-protection grounds before that subprocessor is used to process their governance telemetry; we will work in good faith to provide an alternative or, if none is available, allow the customer to terminate the affected portion of the Service without penalty.
09International data transfers
EgisAI is operated from the United States. If you access the service from outside the United States, your data will be transferred to and processed in the United States and any other country in which we or our subprocessors operate. Where required, we rely on the European Commission's Standard Contractual Clauses (SCCs) and equivalent UK / Swiss addenda to provide appropriate safeguards for cross-border transfers. A signed copy can be issued under the DPA on request.
Our DPA includes transfer safeguards, including the European Commission's Standard Contractual Clauses (and the UK / Swiss addenda where applicable) and technical and organisational measures such as encryption in transit and at rest, access controls, audit logging, and data minimisation. A signed copy of the transfer annex is available under the DPA on request.
10Security
We take security seriously because the integrity of this product is our customers' integrity. Highlights:
- Encryption in transit for all SDK-to-platform and dashboard-to-platform traffic (TLS 1.2+).
- Encryption at rest via the underlying database and storage providers.
- Secrets minimisation — SDK API keys are stored as SHA-256 hashes; passwords as salted hashes; refresh tokens hashed and bound to device.
- Access control — production access is restricted to a short list of named engineers, requires SSO + multi-factor authentication, and is reviewed periodically.
- Audit-row integrity — audit previews are sampled from the post-sanitisation snapshot, by design, so the row is an honest record of what shipped.
- Vulnerability disclosure — email security@egisai.co. We aim to acknowledge within 48 hours and follow a 90-day responsible-disclosure window by default. See the SDK's SECURITY.md.
- Incident response — if we determine that a security incident materially affects your data, we will notify the relevant workspace owner without undue delay and, where applicable, within statutory windows.
Certification status. The platform is being built with SOC 2, ISO 27001, GDPR, HIPAA, and enterprise security expectations in mind. EgisAI is not currently SOC 2, ISO 27001, HIPAA, FedRAMP, PCI DSS, or other formally certified or attested unless expressly stated on the Security page with current supporting evidence. Customers must complete their own compliance assessment before relying on the Service for regulated workloads.
11Your rights (GDPR / CCPA / similar)
Depending on where you live, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete data (subject to legal-hold exceptions).
- Export data in a portable format.
- Restrict or object to certain processing.
- Withdraw consent where we relied on consent.
- Opt out of "sale" or "sharing" (CCPA) — we do not sell or share personal data for cross-context behavioural advertising, so there is effectively nothing to opt out of.
- Lodge a complaint with your local data-protection authority.
To exercise these rights, email support@egisai.co from the address on your account, or have your workspace administrator make the request on your behalf. We will respond within the timeframes required by applicable law (typically within 30 days).
If your data is in the platform as part of your employer's workspace, your employer is the controller for that telemetry — please direct the request to them first. We will assist them in fulfilling it.
California notice. If you are a California resident, the categories of personal information we may collect include identifiers (e.g. account email, hashed end-user identifiers), internet or other electronic network activity (request and audit metadata), commercial information (plan, billing records), professional or employment-related information (workspace role), and inferences drawn from service use (anomaly flags, telemetry-derived metrics). We use this information for the purposes described in the "How we use it" section above. We do not sell or share personal information for cross-context behavioural advertising, and there is no "sale" or "sharing" to opt out of under CCPA / CPRA.
12Cookies & tracking
We split cookies into three categories. You can grant or deny each one independently in the cookie preferences modal (footer → Cookie preferences) and change your mind any time.
1. Strictly necessary Always on
- Dashboard auth cookies / local storage at
app.egisai.co— hold your access and refresh tokens so you stay signed in. - Cookie-preference record stored in
localStorage['egisai-consent-v1']on the marketing site so we remember your choice for ~12 months.
Exempt from consent under the ePrivacy Directive Art. 5(3) ("strictly necessary for the provision of a service explicitly requested by the user").
2. Analytics Off by default
- First-party analytics cookies on the marketing pages only, used to count page views, sessions, and traffic sources. Loaded with IP addresses anonymized and cross-site signal sharing off, so visits are not merged into any cross-site advertising graph.
- The EgisAI dashboard at
app.egisai.coloads no analytics, advertising, or session-recorder scripts — only the auth storage above. - Current provider: Google Analytics 4 (subprocessor listed in §08). Cookies set:
_gaand_ga_*, 12-month lifespan.
3. Marketing Off by default
- Conversion attribution for our paid ad campaigns — so we can tell which ad clicks resulted in a booked demo. Fires only on the Trust Layer demo-booking page.
- No retargeting pixels, no session recorders, no cross-site fingerprinting on any page.
Analytics and marketing cookies load only after you grant consent through the on-page cookie banner. Until consent is granted (and immediately after consent is revoked), the analytics tag is hard-disabled, no analytics cookie is written, and no measurement beacon is sent. You can change your choices any time via the footer "Cookie preferences" link, and this page will be updated at the same time any new analytics or advertising tool is enabled.
13Children
EgisAI is a B2B developer tool. It is not directed at children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact support@egisai.co so we can delete it.
14Changes to this policy
We may update this policy as the product evolves. Material changes will be flagged with a new "Effective" date at the top of this page, and — for material changes that affect existing telemetry handling — we will notify workspace owners by email before they take effect. Continued use of the platform after the effective date constitutes acceptance.
Prior versions of this document are available on request at support@egisai.co. We will publish an on-site archive at /legal/archive once more than one version has been issued.
15Contact
Questions, requests, or comments:
- General privacy: support@egisai.co
- Security disclosures: security@egisai.co
- DPA / SCCs / contracts: sales@egisai.co
- Formal legal notices (per Terms): adriano@egisai.co
- Anything else: support@egisai.co
The contracting entity is Egis Labs, Inc., a Delaware corporation. Postal mail can be sent to the address disclosed under the DPA; if you need a postal address before signing a DPA, email sales@egisai.co and we will provide it.
Plain-English summary. We collect what we need to run the governance platform you signed up for, we redact PII locally before it leaves your process, we don't train models on your data, we keep a short, named list of subprocessors, and we will delete or export your data on request. If anything in this policy is unclear or surprises you, please tell us so we can fix it.