Privacy Policy

DgiDgi is committed to protecting user privacy and handling data responsibly. This document describes our data handling practices for multi-tenant SaaS operations.

Data Classification

Classification | Examples | Handling
PUBLIC | Documentation, marketing | Publicly available
INTERNAL | System logs, metrics | Platform access
CONFIDENTIAL | User code, chat history | Tenant-isolated
RESTRICTED | API keys, passwords | Encrypted, audited

Data We Collect

Account Data

Data | Purpose | Retention
Email address | Authentication, communication | Account lifetime
Name | Display, personalization | Account lifetime
Profile photo | Display | Account lifetime
Organization name | Multi-tenant identification | Account lifetime

Usage Data

Data | Purpose | Retention
Chat messages | Service functionality | User-configurable
Project files | Service functionality | User-configurable
Agent runs | Service functionality, debugging | 90 days
API requests | Rate limiting, analytics | 30 days
Error logs | Debugging, improvement | 14 days

Technical Data

Data | Purpose | Retention
IP addresses | Security, rate limiting | 7 days
Device info | Security, compatibility | 7 days
Browser type | Compatibility | 7 days

Data Flow & Processing

LLM Processing Options:

  1. Platform LLM -- Data processed via platform's API keys
  2. Tenant LLM -- Data sent directly to tenant's provider
  3. Test LLM -- No external processing (testing only)

Third-Party Data Sharing

LLM Providers

When using Platform LLM mode, chat content is sent to LLM providers:

Provider | Data Sent | Purpose
OpenAI | Message content | AI response generation
Anthropic | Message content | AI response generation
Google | Message content | AI response generation
Other providers | Message content | AI response generation

Important:

  • LLM providers process data according to their own privacy policies
  • Tenant LLM mode sends data directly to tenant's chosen provider
  • Under enterprise API agreements, no chat content is used for training

Infrastructure Providers

Provider | Data Type | Purpose
Cloudflare | Request metadata | Edge routing, security
Supabase | All tenant data | Database hosting
Fly.io | Request processing | Compute hosting
Clerk | Auth data | Authentication

Data Isolation

Multi-Tenant Isolation

Cross-tenant access is technically impossible due to:

  • Row-Level Security at database level
  • Storage key validation at API level
  • Tenant ID verification on every request

Data Encryption

Encryption at Rest

Data Type | Encryption | Key Management
Database | AES-256 (Supabase) | Managed by Supabase
Object Storage | AES-256 (R2) | Managed by Cloudflare
Tenant Secrets | AES-256-GCM | Platform master key

Encryption in Transit

  • All traffic uses TLS 1.3
  • Certificate management via Cloudflare
  • No plaintext transmission of sensitive data

User Rights

Data Access

Users can request export of their data:

  • Project files and configurations
  • Chat history
  • Agent run logs
  • Account information

Data Deletion

Users can request deletion of:

  • Individual projects
  • Chat sessions
  • Entire account and all associated data

Data Portability

Export formats available:

  • JSON (structured data)
  • ZIP (files and projects)
  • CSV (tabular data)

Data Retention

Data Type | Default Retention | User Override
Account data | Account lifetime | Delete account
Chat messages | Indefinite | Delete session
Project files | Indefinite | Delete project
Agent run logs | 90 days | Enterprise: custom
API request logs | 30 days | N/A
Error logs | 14 days | N/A
Security audit logs | 1 year | N/A (compliance)

Deletion Process:

  1. Soft delete (immediate) -- Data marked for deletion
  2. Hard delete (30 days) -- Data permanently removed
  3. Backup purge (90 days) -- Removed from backups

Privacy Controls

Tenant-Level Settings

Administrators can configure:

  • Data retention periods
  • LLM provider preferences (for data routing)
  • Audit log retention
  • Export permissions

User-Level Settings

Users can configure:

  • Chat history retention
  • Notification preferences
  • Data export format preferences

Cookies & Tracking

Essential Cookies

Cookie | Purpose | Expiry
Session | Authentication state | Session
CSRF token | Security | Session
Preferences | User settings | 1 year

Analytics

  • Minimal analytics for service improvement
  • No third-party tracking pixels
  • No advertising cookies

Contact

For privacy inquiries: