Privacy Policy

Last updated: 2026-05-15

1. Data we collect

• Account: email, hashed password, name.
• Workspace content: agents, tools, skills, sources, workflows, tasks, runs you create.
• Secrets: stored encrypted (Fernet). Plaintext is never returned by the API or displayed in the UI after the initial write.
• Telemetry: request logs, error traces (via Sentry). PII (Authorization headers, cookies, secret values) is redacted at capture time.
• LLM provider data: when you run an agent, the prompt + tool calls + responses pass through the LLM provider you configured (OpenAI, Anthropic, etc.). Their privacy policy applies to that traffic.

2. How we use it

• To provide the Service: run agent crews, deliver webhooks, send notifications.
• To improve reliability: aggregate error rates, latency, resource usage.
• To bill (when applicable): track per-workspace LLM cost.

3. Sharing

We do not sell personal data. We share data with sub-processors only as needed to run the Service:

• DigitalOcean (hosting, database, file storage)
• Sentry (error monitoring)
• Your configured LLM providers (when you run agents)
• Your configured source connectors (GitHub, Jira, etc.) using your supplied credentials

4. Retention

• Account: until you delete it.
• Audit events: 90 days (configurable per workspace).
• Run records + outputs: until you delete the parent task or workspace.
• Backups: 14 days rolling.

5. Your rights (GDPR / CCPA)

You may request access to, correction of, or deletion of your personal data by emailing [email protected]. We respond within 30 days.

6. Security

Data is encrypted in transit (TLS 1.2+) and at rest. JWT tokens live in HttpOnly cookies and are never exposed to JavaScript. Secrets are encrypted with a customer-isolated Fernet key.

7. Contact

Privacy questions: [email protected].