Privacy & data

No data stored — only AI systems are searched

Fulfai is built around data minimisation. To build your EU AI Act inventory, our scanner only needs to know which AI agents and AI libraries appear in your projects. It does not store your source code, your data, or your business logic.

What we scan

We analyse dependency manifests and import statements (for example package.json, requirements.txt, lockfiles) to identify AI libraries and AI agent frameworks. The scan looks for known AI providers and packages — not the content of your files.

What we do NOT store

We do not retain your source code, repository contents, personal data, or proprietary logic. Only the resulting inventory of detected AI agents and AI libraries (name, version, risk classification) is saved to your account.

How the scan works

The scan reads dependency metadata in memory during the analysis. Once the AI inventory is produced, the raw code is discarded. You can delete any scan and its results at any time from your dashboard.

Legal background

This approach is designed to support the following obligations and principles:

EU AI Act (Regulation (EU) 2024/1689) — providers and deployers must maintain an inventory and documentation of the AI systems they use; identifying AI libraries and agents is the first step of that inventory.
GDPR, Article 5(1)(c) — data minimisation: only data that is adequate, relevant and limited to what is necessary should be processed. Scanning for AI dependencies avoids processing personal or source data.
GDPR, Article 25 — data protection by design and by default: privacy is built into how the scan operates, by not persisting code or personal data.

This page is provided for information only and does not constitute legal advice.