Guiro

Privacy Policy

Last updated: April 12, 2026

1. Introduction

This Privacy Policy describes how Codulent LLC (“we”, “us”, or “our”) collects, uses, and protects information when you use guiro.io (the “Service”). By using the Service, you consent to the practices described here.

2. Information We Collect

We collect the following categories of information:

  • Account information: email address and a securely hashed password when you register with email/password. If you use a social login provider (Google, Apple, Microsoft, or GitHub), we receive your email address, display name, and profile avatar URL from the provider.
  • API key metadata: key names, creation timestamps, expiry dates, and revocation timestamps. We store a cryptographic hash of each key secret, never the plaintext secret itself after initial generation.
  • Published content: the A2UI dashboard bundles you submit, which may include charts, tables, text, and base64-encoded images. These are stored ephemerally.
  • Usage data: request timestamps, IP addresses, user agents, and API endpoint access patterns for rate limiting, security, and operational monitoring.

3. How We Use Your Information

  • To authenticate you and maintain your session.
  • To manage your API keys and enforce rate limits.
  • To store and render published guiro bundles for their configured TTL.
  • To send transactional emails (sign-in notifications, password reset, password change confirmations).
  • To monitor service health, detect abuse, and improve reliability.

4. Third-Party Services

We use the following third-party services:

  • Resend: for transactional email delivery (password reset, sign-in notifications). Resend receives recipient email addresses and email content.
  • Social login providers (Google, Apple, Microsoft, GitHub): for OAuth authentication. These providers share your email, display name, and avatar URL during sign-in.
  • Redis: for ephemeral content storage, session state, and rate limiting. Hosted within our infrastructure.

5. Cookies and Local Storage

The Service does not use tracking cookies. We use browser localStorage to store:

  • Your session access token (for authentication).
  • Your theme preference (light/dark mode), scoped per page where applicable.

6. Data Retention

  • Published guiros: automatically deleted after their TTL expires (default: 1 hour). No long-term copies are retained.
  • Account data: retained while your account is active. When you delete your account, it is disabled immediately and all associated data is permanently purged.
  • API key metadata: retained while your account is active. Revoked keys remain visible for up to 24 hours and are then removed from the interface.
  • Operational logs: retained for up to 90 days for security and debugging purposes, then deleted.

7. Data Security

We use industry-standard security measures including encrypted transport (TLS), hashed passwords, cryptographically signed short-lived access tokens, and scoped API key secrets. We do not store plaintext passwords or API key secrets after initial generation.

8. Your Rights

You may at any time:

  • Access your account information via the Account page.
  • Delete your account and all associated data.
  • Revoke any API keys issued to you.

For data access requests or questions, use the feedback button and we'll route them to the Guiro team.

9. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Continued use of the Service after changes are posted constitutes acceptance of the revised Policy.

11. Contact

If you have questions about this Privacy Policy, use the feedback button and we'll route them to the Guiro team.