Privacy Policy

This policy explains what Gubernator (“we”, operated by [Company / sole proprietor name]) collects, why, and your rights. It is written with South Africa’s POPIA and the EU/UK GDPR in mind.

1. What we collect

• Account: your email address and a securely hashed password (we never store your password in plain text).
• Server connections: the hostname, port, and username of servers you connect, and their password/credentials — stored encrypted (see Security).
• Credential vault: API keys, tokens and secrets you choose to store — stored encrypted.
• Conversations & memory: your chat with the assistant, the agent’s output, durable “memory” facts, and a task history.
• Operational logs: limited technical logs needed to run and secure the Service.

2. How we use it

Solely to provide the Service: to connect to your servers on your instruction, run the assistant and agent, remember context across sessions, process billing, secure the Service, and contact you about your account (e.g. verification, password reset, important notices).

3. Sharing with third parties

• Anthropic: to generate responses, your messages and relevant context (which can include server output you ask about) are sent to Anthropic’s Claude API under your own API key.
• Payment processor (PayPal): handles your payment; we do not store card details.
• Email provider: used to send verification and password-reset emails.
• We do not sell your data or use it for advertising.

4. Security

• Server credentials, vault secrets, and API keys are encrypted at rest using per-user keys (envelope encryption); a database copy alone cannot decrypt them without the separately-held master key.
• Passwords are hashed with bcrypt. Access requires authentication; sessions use signed tokens.
• No security is perfect. You are responsible for keeping your own password and credentials safe.

5. Retention & deletion

We keep your data while your account is active. You can delete your account at any time from Settings, which removes your stored credentials, server connections, vault, memory, tasks, and conversation history. Some minimal records may be retained where required by law (e.g. billing records).

6. Your rights

Subject to applicable law, you may request access to, correction of, or deletion of your personal information, and object to certain processing. Contact us at privacy@gubernator.co.

7. Cookies

We use a single essential session cookie to keep you signed in. We do not use advertising or third-party tracking cookies.

8. International transfers

Third parties we use (e.g. Anthropic, PayPal) may process data outside your country. By using the Service you acknowledge this transfer where necessary to provide it.

9. Changes

We may update this policy; material changes will be notified by email or in-app.

10. Contact

Data queries: privacy@gubernator.co. Responsible party / contact: [Company / sole proprietor name and address].