Legal

Privacy Policy

Last updated: 2026-06-01

Zero data plane architecture

AgentGuard's SDK runs entirely in your runtime. We never see, store, or process the prompts your AI agents send to model providers, the responses those providers return, or any input/output data your agents handle.

What we DO receive:

What we do NOT receive:

Cookies and local storage

The dashboard may use cookies, local storage, or session tokens to keep you logged in and route you to the right workspace. The public website may use lightweight analytics to understand aggregate usage.

Third-party processors

We use a small set of processors to run account and payment workflows: Privy for authentication, Stripe for billing, Postmark for email, Vercel and Vercel KV or compatible storage for hosting and account state, and PostHog for optional product analytics. These processors do not receive your prompts, completions, provider API keys, signing keys, or governed workflow data from SDK calls.

Data retention

Account, license, billing, and dashboard metadata are retained while your account is active. Refund-related dashboard data may be archived for 90 days. Public receipt verification records may remain available so signed receipts can continue to verify.

User rights

If you are covered by GDPR, CCPA, or similar privacy laws, you may request access, correction, export, or deletion of personal information we hold about your account. Email [email protected].

International transfers

We may process account, license, billing, and telemetry data in the United States or in regions used by our infrastructure providers. The SDK data path remains customer to provider and does not pass through AgentGuard infrastructure.

Children's privacy

AgentGuard is built for businesses and developers. It is not directed to children under 13.

Contact

Privacy questions can be sent to [email protected].

Back to top

Functional-use disclaimer

All terminology and labels used in AgentGuard materials are descriptive of software functionality only, not legal definitions or guarantees of compliance. Terms such as receipt, audit log, evidence, audit trail, attestation, signed, verified, attested, compliance, compliant, outcome, settlement, capability tier, and settles refer to cryptographic software records and programmed state transitions only. They do not state that any record has binding legal effect, official certification, or equivalent status to records maintained by courts, banks, auditors, regulators, or agencies.

Terms drawn from audit, evidence, settlement, credit, debt, market, liquidity, maturity, and similar domains are used only in a functional and descriptive sense. An audit log is a sequence of recorded software events. Evidence means a record that may support a user review. Settlement means a final software state. None of these terms should be read as legal, financial, accounting, or regulatory advice.

Financial-context words such as trade, trading, liquidity, maturity, market, clearing, and exchange, if used in examples, describe token, budget, or workflow mechanics only. AgentGuard does not operate as a broker-dealer, exchange, clearinghouse, investment adviser, insurer, government agency, or regulated marketplace.

Words such as offer, obligation, credit, debt, payment, settle, maker, and taker refer only to hypothetical or user-operated agent workflows, simulated transaction states, or software configuration examples. AgentGuard does not transmit money, extend credit, custody funds, offer financial instruments, or guarantee settlement of obligations.

References to certify, verify, attest, signed, or validated are cryptographic and computational terms. They mean that software performed a signature, hash, schema, or chain check. AgentGuard does not claim that receipts are admissible legal evidence by default, that a court or regulator must accept them, or that use of AgentGuard alone fulfills any legal standard. The software is provided as-is as a technical audit tool.