
Privacy Policy

Last updated: January 15, 2025

1. Data We Collect

When you use the Gertin AI platform, Gertin AI collects only the minimum information necessary to provide the service. This includes: (a) account registration information such as organization name and email address; (b) API usage metadata including request counts, latency, and error rates; and (c) audit log entries that record which compliance functions were invoked. We do not collect, store, or process the content of your IAM policies, cloud configurations, security logs, or any other compliance data submitted to the API — that data is processed in-memory within your AWS environment and never transmitted to Gertin AI systems.

2. Data Processing Location

All AI inference and compliance analysis is performed exclusively within your AWS account using AWS Bedrock. No compliance data, logs, IAM policies, or security artifacts are transmitted to or stored by Gertin AI. Your data residency requirements are fully satisfied by default — all processing occurs within the AWS region you designate during deployment.

3. Usage of Collected Data

Account and billing information is used solely to manage your subscription, process payments, and communicate important service updates. API usage metadata is used for rate limiting enforcement, billing calculation, and aggregate service analytics. We do not sell, license, or share personal data with third parties for marketing or advertising purposes.

4. Data Retention

Account information is retained for the duration of your subscription and for seven years thereafter as required by applicable accounting and tax regulations. API usage logs are retained for 90 days. Upon subscription cancellation, you may request deletion of your account data by contacting privacy@gertinai.com. We will complete deletion within 30 days of a verified request.

5. Security

Gertin AI applies industry-standard security controls to all systems that store account and billing information, including encryption at rest (AES-256), encryption in transit (TLS 1.2+), access controls, and audit logging. We undergo annual third-party security assessments.

6. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, or delete personal data we hold about you. To exercise these rights, contact privacy@gertinai.com. We respond to verified requests within 30 days.

7. Contact

For privacy-related questions or requests, contact:

privacy@gertinai.com
Gertin AI, Inc.
Privacy Officer
support@gertinai.com