Giani AIGiani.AI

Privacy Policy

Simple and transparent. Here's how we handle your data.

Effective Date: March 15, 2026

Last Updated: March 31, 2026

Giani.ai is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data when you use the Giani.ai platform, including our web application and Microsoft Word and PowerPoint add-ins.

1. Data Collection & Use

Types of Data Collected:

User Profile Information

When users create or access an account, we may collect:

  • Name
  • Email address
  • Microsoft account ID (if authentication occurs through Microsoft)

Uploaded Content

Users may upload files including:

  • PDF, DOCX, PPTX, CSV, Excel files, Images

These files may be processed to generate summaries, embeddings, search results, and structured outputs necessary to provide Giani.ai services.

Usage Data

We may collect limited technical information including:

  • API request logs
  • Session identifiers
  • Login and logout activity
  • Client IP address
  • Browser user-agent
  • Client platform type (web application or Microsoft add-in)

Purpose of Data Use

We use collected data to:

  • Provide document analysis and AI-powered services
  • Authenticate users and maintain sessions
  • Monitor system usage and enforce fair use policies
  • Improve service reliability and performance
  • Provide technical support
  • Detect misuse, fraud, or security risks

Sensitive Personal Data

Giani.ai processes name and email address as personal data. Uploaded files may contain sensitive information, which is processed only to deliver the requested service.

Model Training

Giani.ai does not use customer data to train AI models.

2. Data Processing Roles:

For customer-uploaded content and project data, Giani.ai acts as a Data Processor, processing such data solely on behalf of the customer (who acts as the Data Controller) and in accordance with their instructions.

For account management, billing, and platform-related data, Giani.ai may act as a Data Controller.

3. Data Ownership and Control:

Customers retain full ownership of all uploaded content, project data, and generated outputs. Giani.ai does not claim any ownership rights over customer data.

Users have full control over their data, including the ability to access, export, and delete their data at any time, subject to applicable technical limitations.

4. Security Architecture:

Giani.ai is hosted on Microsoft Azure within a controlled Giani-managed environment and is designed with a security-by-design approach.

Customer data, including project files, research, emails, and analytical models, is securely processed and stored within the platform. The platform uses a private knowledge base architecture to enable secure, retrieval-based access to customer data while maintaining strict data isolation.

Backend services operate exclusively within Giani.ai’s controlled cloud environment, and customer data does not leave this environment during normal operation.

5. Encryption and Transport Security:

Giani.ai implements strong encryption standards to protect data:

  • Data is encrypted at rest using AES-256 encryption
  • Data is encrypted in transit using TLS 1.2 or higher
  • Temporary document previews and access links are secured using short-lived, signed URLs

These measures ensure secure handling of data throughout its lifecycle.

6. Data Isolation and Tenancy:

Customer data is logically segregated by company and tenant at the storage and application layers. Data from one customer is not pooled, shared, or used within another customer’s environment. Each customer’s data is processed independently within its own isolated context.

All services operate within Giani.ai’s controlled cloud tenant, ensuring that customer data remains contained within defined boundaries.

7. Access Controls:

Giani.ai enforces strict identity-based access controls across the platform:

  • Role-Based Access Control (RBAC) is implemented across systems
  • Access is granted based on authenticated identity and role permissions
  • Backend services use managed identities for secure access to resources
  • Storage systems, databases, and indexing layers are permission-controlled

Access to customer data is restricted to authorized personnel on a need-to-know basis and can be centrally revoked at any time. Additional safeguards, such as network-level restrictions (e.g., IP whitelisting), may be applied where appropriate.

8. AI Processing and Data Usage:

User inputs, including prompts, uploaded files, and content, are processed to generate outputs within the platform. Customer data, including documents, chats, and project materials, is used solely to provide services within the customer’s environment. Giani.ai does not use customer data to train shared or generalized AI models and does not incorporate customer data into cross-customer datasets.

Limited processing of user data may occur for debugging, performance monitoring, service improvement, and quality assurance, subject to strict access controls and confidentiality obligations.

AI outputs are generated using retrieval-based techniques grounded in the customer’s own data, enabling source-backed responses with traceable citations.

9. Third-Party Integrations:

Giani.ai integrates with third-party platforms such as Microsoft PowerPoint, Microsoft 365, and related services. Data accessed through these integrations is governed by the respective third-party privacy policies and user-granted permissions.

Giani.ai only accesses and processes data necessary to provide its functionality and does not control how third-party platforms process user data.

10. Data Breach Notification:

In the event of a data breach affecting personal data, Giani.ai will notify affected users without undue delay, as required by applicable law. Notifications will include relevant details about the nature of the breach, the data affected, and steps taken to mitigate potential risks.

11. Document Processing and Auditability:

Uploaded documents are securely ingested, processed, and stored within the platform’s private knowledge base. Giani.ai implements safeguards to ensure that generated outputs are grounded in source data, including the use of citations and references. This supports transparency, auditability, and user verification of generated content.

12. Security Testing and Improvements:

Giani.ai follows a continuous improvement approach to security and may conduct vulnerability assessments, including application-level and infrastructure-level testing. Identified issues are addressed through remediation processes to enhance the overall security posture of the platform.

13. What We Do Not Do

  • Sell or rent personal data to third parties
  • Use customer data for advertising purposes
  • Train generalized AI models on customer data
  • Perform automated decision-making or profiling that produces legal or significant effects

14. Legal Basis for Processing (GDPR)

Where GDPR applies, data may be processed under:

  • Performance of a contract
  • Legitimate business interests
  • Legal obligations
  • User consent

15. Data Storage & Retention

Data Storage

Data is stored using Microsoft Azure infrastructure:

  • Azure Blob Storage
  • Azure-hosted PostgreSQL databases

Data Retention

Data is retained:

  • While user projects are active
  • Up to 12 months after account termination (unless required otherwise)

Data Deletion

  • Users can delete projects anytime
  • For full account deletion: info@giani.ai
  • Associated files, embeddings, and metadata are deleted per policy

Backups

Data may exist in backups for disaster recovery for a limited period.

16. Data Security Measures

Encryption

  • • In Transit: HTTPS encryption
  • • At Rest: Azure encryption
  • • Add-ins: Encrypted communication

Access Controls

Access is restricted to authorized personnel and systems.

Authentication

Secure token-based authentication with refresh tokens and cookies.

Security Monitoring

Automated systems detect misuse or abnormal activity.

17. Data Sharing & Sub-Processors

Sub-Processors

  • Microsoft Azure – hosting & storage
  • Anthropic – AI processing (yet to be confirmed)
  • Google Gemini – AI processing (yet to be confirmed)

Prohibited Providers

No use of Chinese AI providers (e.g., DeepSeek).

Legal Disclosure:Required by law
Monetization:None

18. International Data Transfers

Data may be processed via Azure infrastructure across jurisdictions with safeguards.

19. Cookies and Tracking

Cookies Used

accessTokenrefreshToken

Security attributes: HttpOnly, Secure, SameSite=None

System Monitoring

Tracks:

  • API usage
  • Session activity
  • Feature usage

Third-Party Trackers

Giani.ai does not include advertising trackers or third-party analytics platforms.

20. User Rights

Users may have rights to:

Access personal data
Correct inaccurate data
Request deletion
Restrict processing
Data portability
Object to processing

Contact: info@giani.ai

21. Data Breach Notification

Users will be notified if a data breach occurs where required by applicable law.

22. Additional Information

  • Users retain ownership of their uploaded content and generated results
  • Platform is not intended for children

23. Policy Updates

Updates may be communicated via:

  • Website notices
  • Application notifications
  • Updated effective dates within this document

24. Contact Information

General Inquiries

info@giani.ai

Mailing Address

Longani Consulting LLC
Shams Business Center
Sharjah, UAE

© 2026 Giani.ai. All rights reserved.