Privacy Policy

Last updated: June 2026

1. About This Policy

Günther AI (“we”, “us”, “our”) is committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) and applicable data protection law. This policy explains what data we collect, why we collect it, how we use it, and your rights as a data subject.

2. Information We Collect

  • Account data: name, email address, and password hash (never stored in plain text).
  • Usage data: API request counts, token counts, model used, and latency — used to enforce plan limits and generate invoices.
  • Chat history: conversation messages stored in our database to enable history, search, and session continuity.
  • Billing data: subscription status managed by our payment processor (Creem). We do not store card details.
  • Technical data: IP address and user-agent logged on API requests for security and abuse prevention.

3. How We Use Your Data

  • To provide and improve the Günther AI service.
  • To enforce plan limits and charge for usage.
  • To send transactional emails (billing, security alerts) — you may opt out of product emails in account settings.
  • To investigate abuse and protect the security of the platform.

We do not use your conversations to train AI models. Your chat content is not shared with third parties except as required to deliver the service (see Section 4).

4. Third Parties & Data Flows

To generate AI responses, your message content is sent to Groq Inc. as the inference provider. Groq processes prompts to produce responses. Plaintext content leaves Günther's infrastructure at this point — this is an unavoidable property of AI inference. Groq's data handling is governed by their own privacy policy.

Other sub-processors: Prisma / Supabase (database hosting), Creem (payment processing), Resend (transactional email).

5. Data Storage & Security

Conversation messages are stored in a PostgreSQL database. Passwords are hashed with bcrypt before storage. API keys are stored as hashed values — the full key is only shown once at creation.

We implement reasonable technical and organisational measures to protect your data. No internet transmission is completely secure; we cannot guarantee absolute security.

6. Your Rights (POPIA)

Under POPIA, South African data subjects have the right to:

  • Access personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your account and associated data.
  • Object to processing of your personal information.
  • Lodge a complaint with the Information Regulator of South Africa.

To exercise these rights, contact us at privacy@gunther.ai. We will respond within 30 days.

7. Data Retention

We retain your data for as long as your account is active. You may delete your account at any time from account settings, which will permanently delete your conversations, API keys, and personal information within 30 days.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by email and by updating the “Last updated” date above.

9. Contact

Information Officer: Günther AI
Email: privacy@gunther.ai

Home·Terms of Service·Sign in