Privacy Policy

Last updated: May 1, 2026

1. Introduction

AgentID ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our identity and access management service for AI agents (the "Service").

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address, company name, and password (hashed and salted). We do not store your raw password.

2.2 Agent Metadata

We store metadata about your AI agents, including agent names, creation dates, status (active/revoked), and configured scopes. This data is necessary to provide the Service.

2.3 Credentials

We store encrypted credentials (API keys, OAuth tokens, service account keys) on behalf of your agents. All credentials are encrypted at rest using AES-256 encryption. Per-tenant encryption keys are used for Business tier and above.

2.4 Audit Logs

We collect and store authentication events, including timestamps, agent identifiers, actions performed, resources accessed, IP addresses, and user agents. This data is retained according to your plan tier (7 days for Hobby, 90 days for Startup, 1 year for Business, unlimited for Enterprise).

2.5 Usage Data

We collect anonymized usage statistics to improve our Service, including authentication counts, feature usage, and performance metrics. This data is not linked to your identity.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Authenticate your agents and manage their credentials
  • Generate audit logs and provide visibility into agent activity
  • Respond to your support requests
  • Send you service-related communications (e.g., security alerts, feature updates)
  • Comply with legal obligations

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: We engage third-party vendors to assist with hosting, infrastructure, and support. These vendors are contractually obligated to protect your data.
  • Legal Requirements: We may disclose information if required by law, subpoena, or legal process.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.
  • With Your Consent: We may share information with your explicit consent.

5. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Per-tenant encryption keys for Business tier and above
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance (in progress)
  • Bug bounty program
  • Access controls and employee training

Despite our efforts, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal information within 30 days, except where we are required to retain it for legal or compliance purposes.

Audit logs are retained according to your plan tier. After the retention period, logs are automatically deleted.

7. Your Rights (GDPR/CCPA)

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Request transfer of your data to another service
  • Opt-out: Opt out of marketing communications

To exercise these rights, contact us at privacy@agentid.io.

8. International Data Transfers

AgentID is hosted in the United States. If you are located outside the U.S., your data may be transferred to and processed in the U.S. We comply with applicable data transfer regulations, including Standard Contractual Clauses (SCCs) where required.

9. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us at privacy@agentid.io.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, contact us at:

Email: privacy@agentid.io
Address: AgentID, Delaware, USA