Privacy Policy

Effective date: May 2, 2026 · Last updated: May 2, 2026

This Privacy Policy explains what personal data Enhanciar ("we", "us") collects when you use our service, how we use it, and your rights over it. We've tried to keep it straightforward — read it carefully and email privacy@enhanciar.in with any questions.

1. Who is responsible for your data

Enhanciar is operated by Enhanciar, Bengaluru, Karnataka, India. We are the data controller for the personal information described in this policy. For data-protection enquiries, contact privacy@enhanciar.in.

2. What we collect

From you directly

• Identity: Name, email, profile picture (from Google sign-in)
• Profile (optional): Role, team size, use case if you fill those in during onboarding
• Communications: Anything you type into the chat, support emails, or voluntarily upload

From the sources you connect

Enhanciar only reads the sources you explicitly connect, and only with the scopes you grant. Depending on which connectors you enable, this can include:

• GitHub: repo metadata, commit metadata, and the contents of repositories you choose to ingest
• Slack: messages and threads in the channels the Enhanciar bot is added to, plus channel and user metadata
• Gmail: the email threads in the inboxes you connect (read-only), including subjects, bodies, and participants
• Google Drive: the documents, sheets, and files you grant access to (read-only)
• The wiki/graph we generate from the above, the queries you run, and the AI responses

Through using the service

• Usage data: Which features you use, token counts, query history, IP address, browser type, request timestamps
• Cookies / local storage: A Firebase auth session token, plus minimal performance telemetry

From third parties

• Razorpay (payments): payment method, last-4, billing address if you provide one. We do not see your full card number — Razorpay handles that.

Bring-your-own-key (BYOK) AI providers — important

Enhanciar is a bring-your-own-key product. When you ask a question or run an ingest, the relevant content from your connected sources (Slack threads, emails, Drive docs, code, etc.) is sent to the AI provider whose API key you supply so it can generate an answer. Depending on which model you choose, that provider is one of:

• Google (Gemini API)
• OpenAI
• Anthropic
• A custom / self-hosted endpoint you configure (e.g. Groq, Together, OpenRouter, Ollama)

When you use your own key, your data is transmitted to that provider and handled under that provider's terms and your account settings with them — not ours. We recommend using API-tier keys (which, for OpenAI and Anthropic, are not used for model training by default) rather than consumer keys. We never use your data to train any model ourselves.

3. How we use your data

• To provide the core service — ingest your code, build a wiki, answer your queries
• To bill you and prevent abuse
• To send essential account and security emails via Firebase (e.g. email verification, password reset). Payment receipts and invoices are available for download in-app under Settings → Billing.
• To improve the product (aggregate usage stats; never individual queries)
• To comply with legal obligations (tax, fraud prevention)

We do not sell your data, and we do not use your code, messages, or queries to train any AI model. (When you use a BYOK provider, that provider's training/retention behaviour is governed by your account and their terms — see the BYOK section above.)

4. Where your data lives

Data is stored on Google Cloud Platform infrastructure in Mumbai (asia-south1). Services we use (Razorpay, GitHub, Slack, Google, and any BYOK AI provider you select — OpenAI, Anthropic, etc.) may process data in their own regions; we list them as subprocessors below.

5. How long we keep it

• Active account: for as long as your account exists
• Wiki content: until you delete it or your account
• Audit logs: 12 months
• Payment records: 8 years (mandatory under Indian tax law)
• After account deletion: personal data is removed within 30 days, except where law requires retention

6. Your rights (DPDP Act 2023, GDPR, CCPA)

• Access — see what we have on you. Use the "Export account data" button in Settings.
• Correction — fix it via Settings or by emailing us
• Deletion — "Delete account" in Settings. Honored within 30 days.
• Portability — the export gives you everything as a zip
• Objection — opt out of marketing emails (we don't send any yet, but legally we have to mention this)

7. Subprocessors

We share data with these companies, who act on our behalf or process data when you connect the relevant source:

• Google Cloud Platform — hosting, Firestore, Cloud Storage
• Firebase (Google) — authentication
• Razorpay — payment processing
• GitHub (when you connect a repo) — source-code access
• Slack (when you connect a workspace) — message/thread access
• Google Workspace — Gmail & Drive (when you connect them) — email/file access
• AI model providers under BYOK — whichever you select: Google (Gemini), OpenAI, Anthropic, or a custom endpoint you configure. Your connected-source content is sent to this provider to generate answers.
• Sentry — error monitoring (error stacks; may incidentally contain identifiers)

8. Security

Data in transit is TLS 1.2+. Data at rest is encrypted by Google Cloud's default at-rest encryption. Authentication tokens are short-lived (1 hour) and rotated automatically. We've structured the codebase so customer code/queries are isolated per-tenant by Firebase UID.

9. Children

Enhanciar is not directed at children under 16. If we learn that we've collected data from a child under 16, we'll delete it.

10. Changes to this policy

We'll email you about material changes 30 days before they take effect. The current version is always at this URL.

11. Contact us

Questions, requests, or complaints: privacy@enhanciar.in.