🔒 Privacy Policy

Last updated: May 2026

1. Information We Collect

Account Data: Email address, name, and profile picture (via Google/Zoho OAuth).

Mission Data: Mission descriptions, agent configurations, uploaded files (PDF, DOCX, TXT), and generated outputs.

Credential Data: OAuth tokens for third-party services (Google, Slack, GitHub, Zoho, etc.), encrypted with AES-256-GCM.

Usage Data: Credit consumption, API calls, agent execution logs, and session information.

Payment Data: Subscription plan and payment status. Payment card details are processed by Razorpay and never stored on our servers.

2. How We Use Your Data

We use your data to: (a) provide and improve the Platform; (b) execute your missions and agent tasks; (c) process payments and manage subscriptions; (d) send transactional emails (OTP, mission notifications); (e) detect and prevent abuse or fraud; (f) generate anonymized analytics to improve the service.

3. Data Storage & Security

Database: All data is stored in Supabase (PostgreSQL) with Row Level Security (RLS) ensuring tenant isolation.

Encryption: Credentials are encrypted with AES-256-GCM using per-tenant derived keys. Data in transit is protected by TLS 1.3.

Code Execution: Agent code runs in isolated E2B sandboxes — no access to other tenants' data or the host system.

Embeddings: Document content is vectorized using OpenAI embeddings and stored in pgvector. Original files are not retained after processing unless explicitly saved by the user.

4. Third-Party Services

We integrate with the following services, each with their own privacy policies:

  • Supabase — Database & authentication
  • OpenAI — LLM and embedding services
  • Google Gemini — LLM services
  • E2B — Sandboxed code execution
  • Razorpay — Payment processing
  • SMTP2GO — Transactional email delivery
  • Google, Slack, GitHub, Zoho, Notion, Discord — OAuth integrations

5. Your Rights

You have the right to: (a) access your data via the dashboard; (b) request deletion of your account and associated data; (c) export your mission data; (d) revoke OAuth permissions at any time via the Connectors page; (e) withdraw consent for data processing.

To exercise any of these rights, contact us at hello@agenticfactor.io.

6. Data Retention

Active account data is retained indefinitely while your account is active. Upon account deletion, all data is permanently removed within 30 days. Anonymized usage analytics may be retained for service improvement.

7. Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies or third-party analytics cookies. No cookie consent banner is required as we only use strictly necessary cookies.

8. Contact

For privacy-related questions or data requests, contact us at hello@agenticfactor.io.