Privacy Policy

Information You Provide

• Account Information: Email address and name, provided during registration. Authentication is handled via passwordless methods (magic link or one-time passcode) through our authentication provider, Clerk.
• Profile & Preferences: Professional information, domain expertise areas, and other preferences you configure.
• Expert Contributions: Agents, workflows, data nodes, and other content you create or contribute to the Platform.
• AI Query Inputs: Queries, prompts, and contextual information you submit when invoking agents or using AI-powered features.
• Build Request Data: Descriptions, specifications, documents, and communications you submit as part of the Build Request process.
• Communications: Messages you send to us via email, support channels, or community discussion forums.

Information Collected Automatically (Authenticated Users Only)

We do not track or collect data from visitors who have not created an account. For signed-in users, we collect:

• Usage Data: Feature usage, agent invocations, and interaction patterns within the Service.
• Technical Data: IP address, browser type, and device type (collected as part of authentication by Clerk).

Payment Information

Payment information is collected and processed directly by our payment processor, Stripe. We do not receive, store, or have access to your full payment card details.

When you use AI-powered features, your inputs are transmitted to one or more of the following third-party AI providers for processing:

What Data Is Sent

We transmit query text and contextual information to the relevant AI provider. We do not send your name, email address, or account information to AI providers.

Model Training

Under their current API terms, none of these providers use data submitted via their APIs to train their models. We will update this policy and notify you if any provider changes this practice.

We use Clerk to handle account creation and authentication. Clerk receives and processes your email address and authentication tokens. Clerk's privacy policy: clerk.com/legal/privacy

We use Stripe to process all payments. Stripe is PCI-DSS Level 1 certified. Stripe's privacy policy: stripe.com/privacy

We do not sell your personal information. We share your information only in the following circumstances:

• Service Providers: With the third-party providers described above to operate the Service.
• Expert Profiles: If you are an expert with a public profile, your name and published Creations are visible to other users.
• Legal Requirements: When required by law, court order, or governmental request.
• Business Transfers: In connection with a merger, acquisition, or sale of assets.
• Aggregated Data: We may share anonymized, aggregated data that cannot be used to identify you.

We take a minimal approach to cookies. We do not use analytics, advertising, or tracking cookies. We do not track visitors who have not created an account.

Because we only use strictly necessary cookies, no cookie consent banner is required.

• Account Data: Retained while your account is active, and for up to 30 days after deletion.
• Expert Contributions: Retained while you keep them on the Platform. Upon withdrawal, removed within 30 days.
• Build Request Records: Retained for 3 years after the business relationship for dispute resolution.
• Payment Records: Retained as required by financial regulations (typically 7 years).
• AI Query Logs: Retained for up to 90 days for debugging, then deleted.

For All Users

You have the right to:

• Access the personal information we hold about you
• Correct inaccurate personal information
• Delete your account and personal data
• Export your data in a portable format

Additional Rights for EU/EEA Users (GDPR)

• Restrict processing of your personal data
• Object to processing based on legitimate interest
• Withdraw consent at any time
• Data portability
• Lodge a complaint with your local data protection supervisory authority

Additional Rights for California Residents (CCPA/CPRA)

• Know what personal information we collect and why
• Request deletion of your personal information
• Opt out of the sale of personal information (we do not sell personal information)
• Non-discrimination for exercising your privacy rights

How to Exercise Your Rights

Contact us at [email protected]. We will respond within 30 days.

Agent Ecology is based in the United States. For transfers from the EU/EEA, we rely on Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework.

We implement appropriate measures to protect your personal information, including:

• Encryption of data in transit (TLS/HTTPS)
• Encryption of data at rest
• Passwordless authentication
• API key hashing (SHA-256)
• Rate limiting and abuse detection
• Access controls limiting employee access to personal data

The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact us at [email protected].

In accordance with the EU AI Act and transparency best practices:

• AI-generated content is clearly identified as such within the Service
• You are always interacting with an AI system when using agent invocation and search features
• AI outputs are not reviewed by humans before being presented to you unless otherwise noted
• We do not use AI for automated decision-making that produces legal effects

We may update this Privacy Policy from time to time. For material changes, we will notify you by email at least thirty (30) days before the changes take effect. Previous versions are available upon request.

The following third-party service providers process personal data on our behalf:

If you have questions about this Privacy Policy, please contact us:

• Email: [email protected]
• Website: www.agentecology.com