Privacy Policy

Last updated: 2026-06-04

This Privacy Policy describes how Datawizz, Inc., doing business as Gamut (“Gamut,” “we,” “us,” “our”) collects, uses, and discloses information when you use the Gamut website at gamut.so, the Gamut applications, the local agent runtime, and related services (the “Service”).

By using the Service, you agree to the practices described here. If you use the Service on behalf of an organization, this Policy applies to your use, and your organization’s agreement with us may also govern how your data is handled.

1. How Gamut Handles Data: The Short Version

Gamut runs agents in sandboxed containers, locally on your own computer or in environments you connect. Datawizz does not host or store the data agents process; limited account, billing, and opt-in telemetry data is the exception, as described below. Because of this:

The rest of this Policy explains the details.

2. Information We Collect

2.1 Account and billing information. Name, email, organization, username, password (hashed), and payment information processed by our payment provider. We do not store full card numbers.

2.2 Agent and usage data. Information needed to operate and meter the Service, such as which agents you run, credit and compute consumption, timestamps, and high-level activity. Some of this is stored locally; some is transmitted to us for billing and to provide the Service.

2.3 Content processed by agents. Your prompts, instructions, files, and the web pages, application data, messages, and other content agents read or produce while performing tasks you direct (“Content”). Where agents run locally, much of this Content stays in your environment; portions are transmitted to AI model providers and connected services as needed to complete your tasks.

2.4 Connected accounts and credentials. When you connect a third-party service (via API, MCP server, or browser session), we process the tokens or session data needed to act on your behalf. Where the local proxy is used, the agent runtime does not directly receive your secret keys.

2.5 Browser and interaction data. When agents operate a browser on your behalf, they process the pages, URLs, form fields, and resources required for the task. You control which sites and tasks agents are permitted to access.

2.6 Technical and device data. Device and operating system details, IP address, diagnostics, crash and error reports, and security-related logs.

2.7 Communications. Messages you send us, support requests, and feedback.

We may also use information that has been deidentified or aggregated so it cannot reasonably be linked to you, for any lawful purpose, and we will not attempt to re-identify it except to test our deidentification.

3. How We Use Information

We use information to:

4. AI Model Training

Gamut does not use your Content (your Input, the data agents process, or agent Output) to train foundation models. Our AI model providers do not use content sent through Gamut to train their foundation models, consistent with their enterprise API terms.

We may use deidentified or aggregated data, and metadata about Service usage, to operate and improve the Service.

5. How We Disclose Information

We do not sell your personal information. We disclose information only as described here:

A current list of sub-processors is available at gamut.so/subprocessors.

6. Third-Party Services and Websites

The Service connects to third-party websites, applications, and platforms that we do not control. When agents act on those services at your direction, the third party’s collection and use of data is governed by its own policies. Review them before authorizing access.

7. Data Retention

We retain information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Content stored locally in your environment is retained and deleted according to your own configuration and controls. After account termination, we make your server-side data available for export for thirty (30) days, after which it may be deleted. We retain billing and transaction records for the period required by applicable tax and accounting law.

8. Security

We use technical and organizational measures designed to protect information, including sandboxing of agents, scoped and software-defined permissions, credential routing through a local proxy, access controls, encryption in transit, audit logging, and monitoring. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security. You are responsible for the security of the environments where you run the Gamut runtime and for the permissions you grant agents.

9. International Data Transfers

We may process and transfer information in countries other than where you live, including the United States. Where required, we use appropriate safeguards such as Standard Contractual Clauses for transfers out of the EEA, UK, or Switzerland.

10. Your Rights and Choices

Depending on where you live, you may have rights to access, correct, delete, port, or restrict processing of your personal information, to object to certain processing, and to withdraw consent. You may also have the right to opt out of “sale” or “sharing” of personal information; we do not sell or share your personal information as those terms are defined under the CCPA.

To exercise your rights, contact us at legal@gamut.so. We may need to verify your identity. We will not discriminate against you for exercising these rights. If you are in the EEA or UK, you may also lodge a complaint with your local data protection authority. Many controls, such as deleting stored data and managing connected accounts and permissions, are also available directly in your Gamut settings.

11. Children’s Privacy

The Service is not directed to children. You must be at least 18 to use it, and we do not knowingly collect personal information from children. If we learn we have collected such information, we will delete it.

12. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will update the “Last updated” date and provide notice as required by law. Your continued use of the Service after changes take effect constitutes acceptance.

13. Contact Us

Questions or requests regarding this Policy: legal@gamut.so.