Privacy Policy

Last updated: March 27, 2026

1. Information We Collect

Account Information: Email address, name, and profile picture (via Google or GitHub OAuth). We do not store passwords — authentication is handled securely by Supabase.

Usage Data: Agent configurations, knowledge base contents, conversation logs, tool-call logs, and deployment metadata. This data is used to provide and enhance the Service.

Payment Data: Billing information is collected and processed by Stripe. We do not store full credit card numbers on our servers.

2. How We Use Your Data

  • To provide, maintain, and improve the AgentNexus platform
  • To process billing, manage subscriptions, and monitor rate-limits
  • To facilitate agent external operations via the Harness Engine
  • To communicate service updates and security alerts
  • To monitor and prevent abuse of the Service
  • To comply with legal obligations

3. Data Storage & Security

Your data is stored securely in PostgreSQL with row-level security (RLS) policies enforcing tenant isolation. All data is encrypted in transit (TLS 1.3) and at rest. Custom API keys provided for BYOK (Bring Your Own Key) toolkits are encrypted using AES-256-GCM before storage. We utilize Cloudflare security layers to protect from distributed attacks.

4. Third-Party Services

We use the following third-party services that may process your data strictly to facilitate the Service:

  • Supabase — Authentication, database, vector storage, and edge functions
  • Stripe — Payment processing
  • Cloudflare — DDoS protection, CDN, and DNS layer routing
  • Fly.io / Railway — Managed runtime environments for deployed agents
  • LLM Providers — For routing agent intelligence and inference (OpenRouter, OpenAI, Anthropic, Google)

5. Data Retention

We retain your data for as long as your account is active. Conversation logs and tool-action telemetry are retained to provide historical visibility. Upon account deletion, all associated data, configurations, and conversation logs are permanently removed from our active systems.

6. Your Rights

You have the right to: (a) access your personal data; (b) correct inaccurate data; (c) delete your account and associated data; (d) manage and revoke OAuth tools integration. Contact us to exercise these rights.

7. Cookies

We use essential cookies strictly for authentication and session continuity (Supabase session tokens). We do not use third-party advertising cookies or cross-site tracking pixels.

8. Changes to This Policy

We may update this Privacy Policy to reflect infrastructure updates or compliance needs. We will notify users of any material changes via email or a prominent notice on the Service dashboard.

9. Contact

For privacy-related inquiries or data requests, please contact our support team at support@agtnx.ai.