Privacy Policy

Last updated: March 27, 2026

1. Information We Collect

Account Information: Email address, name, and profile picture (via Google or GitHub OAuth). We do not store passwords — authentication is handled by Supabase.

Usage Data: Agent configurations, conversation logs, credit consumption, and deployment metadata. This data is used to provide and improve the Service.

Payment Data: Billing information is collected and processed by Stripe. We do not store credit card numbers on our servers.

2. How We Use Your Data

  • To provide, maintain, and improve the AgentNexus platform
  • To process billing and manage subscriptions
  • To communicate service updates and security alerts
  • To monitor and prevent abuse of the Service
  • To comply with legal obligations

3. Data Storage & Security

Your data is stored on Supabase (PostgreSQL) with row-level security (RLS) enabled. All data is encrypted in transit (TLS 1.3) and at rest. API keys stored in the Vault are encrypted with AES-256. We deploy on Cloudflare Workers (edge, no cold storage of PII) and Supabase Cloud (US region by default, with EU/APAC options for Enterprise).

4. Third-Party Services

We use the following third-party services that may process your data:

  • Supabase — Authentication, database, and storage
  • Stripe — Payment processing
  • Cloudflare — Edge hosting and CDN
  • OpenRouter — LLM API routing (agent conversations)
  • Railway / Fly.io — Managed instance hosting

5. Data Retention

We retain your data for as long as your account is active. Conversation logs are retained for 90 days by default. Upon account deletion, all associated data is permanently removed within 30 days.

6. Your Rights

You have the right to: (a) access your personal data; (b) correct inaccurate data; (c) delete your account and data; (d) export your agent configurations and conversation history; (e) object to data processing. Contact us to exercise these rights.

7. Cookies

We use essential cookies for authentication (Supabase session tokens). We do not use tracking cookies or third-party advertising cookies. Analytics, if enabled, use privacy-respecting tools (PostHog, self-hosted).

8. Children's Privacy

The Service is not directed to children under 18. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes via email or a prominent notice on the Service.

10. Contact

For privacy-related inquiries, contact our Data Protection Officer at privacy@agentnexus.dev.