Effective Date: March 29, 2026 | Last Updated: March 29, 2026
Account Data: Email address, display name, hashed password, subscription tier.
Usage Data: Queries submitted, council sessions, agent interactions, API usage metrics.
API Credentials: Third-party API keys you provide (Anthropic, OpenAI, Google, Mistral) — stored encrypted.
Payment Data: Processed by our payment provider (Stripe). We do not store credit card numbers.
Marketplace Data: Agent listings, reviews, purchase history.
Passwords: bcrypt hashed (never stored in plaintext).
API keys (yours): SHA-256 hashed. The full key is shown once at creation and never again.
Third-party API keys: Stored with encryption at rest.
Session data: Stored in our database, accessible only to your account.
Account data: Retained while your account is active. Deleted within 30 days of account deletion.
Query history: Retained for 90 days, then automatically purged.
API logs: Retained for 30 days for debugging and abuse detection.
You may: access your data, request deletion, export your data, update your information, and withdraw consent for optional processing. Contact [email protected].
When you use third-party models (Anthropic, OpenAI, etc.), your query content is sent to those providers subject to their privacy policies. The platform default currently routes to Anthropic's Claude, so by default your query content is sent to Anthropic under their privacy policy. When a query is instead served by our self-hosted open-weight models, it is processed on our own infrastructure.
We use minimal cookies: a JWT authentication token stored in localStorage (not a cookie). No third-party tracking cookies.
Privacy inquiries: [email protected]