Privacy policy

Last updated: April 2026

01.Overview

DrGUI ("we", "us", "our") operates the drgui.in website and provides an AI-powered website navigation SDK (the "Service"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

By using our Service, you agree to the collection and use of information in accordance with this policy.

02.Data We Collect

2.1 At Registration

When you create a DrGUI account, we collect:

• Email address
• Company name
• Website URL (where you intend to deploy the SDK)
• Site description (a brief description of your website's purpose)

2.2 Page Metadata (During SDK Operation)

When the SDK is active on your website, it scans the page and collects structural metadata to provide AI guidance:

• Field labels and placeholder text
• Button text and link labels
• Page titles and section headings
• Form structure (field types, required/optional status)
• Navigation elements and menu items

This metadata is used solely to help the AI understand the page structure and provide accurate navigation guidance.

2.3 Conversation History

User interactions with the DrGUI assistant (questions asked, guidance provided) are held in-memory only with a 1-hour time-to-live (TTL). Conversations are ephemeral and are not persisted to any database or long-term storage.

2.4 Usage Analytics

We collect aggregated, anonymised usage data such as interaction counts, feature usage frequency, and general session duration to improve the Service.

03.Data We Do NOT Collect

DrGUI is designed with privacy at its core. We explicitly do not collect:

• Form field values (what users type into fields)
• Passwords or authentication credentials
• Personal user data of your website's end users
• Aadhaar numbers
• PAN card numbers
• Bank account details or financial data
• Any other personally identifiable information (PII) from end users

The SDK transmits only page structure and metadata -- never the actual content users enter into forms.

04.Third-Party Services

4.1 AI Language Model Provider

Page metadata (field labels, button text, page structure) is sent to our AI language model provider for processing. This enables the SDK to generate contextual navigation guidance. No field values or personal user data is included in these requests. The specific provider may change from time to time as we optimise for quality, latency, and cost.

4.2 Microsoft Edge TTS

AI-generated guidance text is sent to Microsoft Edge TTS (Text-to-Speech) to produce audio responses that are spoken aloud to users. Only the guidance text itself is transmitted -- no user data.

4.3 No Data Sales

We do not sell, rent, or trade your data or your users' data to any third party. Data shared with the above services is strictly for providing the Service functionality.

05.Data Storage and Location

• All data is stored in India (AWS Mumbai region, ap-south-1)
• API tokens and SDK configurations are stored on our servers
• Sessions are ephemeral with automatic expiry (1-hour TTL)
• No long-term conversation logs are maintained

This approach is aligned with RBI data localisation requirements and the Digital Personal Data Protection Act (DPDPA), 2023.

06.Cookies

The DrGUI SDK does not use cookies. We do not set any tracking cookies, third-party cookies, or advertising cookies. The SDK operates entirely without cookie-based tracking.

07.Your Rights

You have the following rights regarding your data:

• Request deletion of your account and all associated data
• Export your account data in a machine-readable format
• Opt out of usage analytics collection
• Request information about what data we hold about you
• Withdraw consent at any time by discontinuing use of the Service

To exercise any of these rights, contact us at hello@drgui.in. We will respond within 30 days.

08.Data Security

We implement appropriate technical and organisational measures to protect your data, including:

• Encryption in transit (TLS/HTTPS)
• Token-based authentication on all API endpoints
• Rate limiting to prevent abuse
• PII pattern stripping in server logs (Aadhaar, PAN, email, phone)
• Shadow DOM isolation preventing cross-site data leakage

09.Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the Service after changes constitutes acceptance of the revised policy.

10.Contact

For any questions or concerns about this Privacy Policy or our data practices, contact us at:

hello@drgui.in