Privacy Policy
Plain-language summary of what we collect and why. We are finalizing the binding version with counsel; the contact below answers anything this doesn't.
Last updated 2026-06-04
What we collect
- Account & auth — your email and sign-in/session metadata.
- Agent & app config — hashed agent tokens, app names, and the execute URLs you register. We never store an agent's plaintext credentials.
- Audit metadata — redacted records of action attempts, approvals, blocks, and spend, so the product can show you a tamper-evident log. Sensitive fields are redacted before storage.
- Product & site analytics — we use PostHog (EU region) to understand how the site and product are used. Session recordings mask all inputs and sensitive fields, and person profiles are created only for identified (signed-in) users.
How we use it
To run the service (authorize, sign, and audit your agents' actions), keep it secure, support you, and improve the product. We do not sell your data.
Sharing & sub-processors
We share data only with the infrastructure providers needed to run the hosted service (hosting, database, email delivery, and product analytics via PostHog in the EU). A current sub-processor list is available on request.
Retention, security & your rights
We keep data only as long as needed to provide the service or meet legal obligations; audit retention is bounded by your plan. We protect data with encryption in transit, hashed tokens, and least-privilege access. Subject to applicable law (GDPR / CCPA-CPRA), you can request access, correction, export, or deletion of your data.
Contact
Questions or requests — we respond to verified requests within a reasonable period.