Privacy Policy
Last updated: May 2025 — how AgentCorp collects, uses, and protects your data.
1. Information We Collect
We collect information you provide directly: account details (name, email, organization), data you upload or generate through agent interactions, and configuration preferences. We also collect usage data automatically — request logs, credit consumption, error traces, and browser telemetry. We do not collect payment card data directly; that is handled by our payment processor.
2. How We Use Your Information
We use your information to operate and improve the platform, to authenticate your identity, to process billing, to send service-related communications, and to investigate abuse. We do not sell your personal data to third parties. We do not use your organizational data to train AI models without explicit, written opt-in consent.
3. Data Isolation and Multi-Tenancy
All organizational data is isolated at the database level using row-level security. Your agents, documents, tasks, and knowledge base entries are inaccessible to other organizations. Infrastructure-level employees may access data only when required to resolve a support issue or security incident, subject to internal access controls and audit logs.
4. Data Retention
We retain your data for as long as your account is active. Upon account closure, we delete primary data within 30 days. Derived artifacts (aggregated, de-identified analytics) may be retained for up to 12 months. Backups containing your data may persist for up to 60 days after deletion from primary storage.
5. Cookies and Tracking
We use essential cookies for authentication and session management via Clerk. We may use minimal analytics to understand aggregate usage patterns. We do not use third-party advertising trackers. You can control cookie behavior through your browser settings; disabling essential cookies will prevent you from logging in.
6. Third-Party Services
We use the following sub-processors: Clerk (authentication), Supabase (database), Stripe (billing), and major cloud providers for infrastructure. These providers are contractually bound to process data only as instructed. A full sub-processor list is available on request.
7. Security
We implement encryption in transit (TLS 1.2+) and at rest for all stored data. API access is protected by short-lived, signed JWTs. We conduct regular dependency audits and penetration testing. In the event of a breach affecting your data, we will notify you within 72 hours of discovery.
8. Your Rights
Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal data. To exercise any of these rights, contact us at privacy@agentcorp.work. We will respond within 30 days. We will not discriminate against you for exercising your privacy rights.
9. International Transfers
Our infrastructure is hosted in the United States. If you are located outside the US, your data may be transferred to and processed in the US. By using AgentCorp, you consent to this transfer. We apply appropriate safeguards for cross-border transfers in accordance with applicable data protection laws.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes at least 14 days before they take effect via email or in-platform notice. The date at the top of this page reflects the latest revision.