Privacy

TL;DR

• We collect what we need to run Agentkit: account info, billing, usage logs, and prompts you send to agents.

• We don't sell your data.

• We don't use Customer Data to train our own models.

• Underlying model providers (OpenAI, Anthropic, Google, and others you select) process prompts on our behalf under contract.

• You can export, correct, or delete your data anytime.

Data We Collect

Account data. Name, email, password hash, workspace name, and billing details when you sign up.

Usage data. Logs of API calls, agent runs, tool calls, model selections, and execution traces. We keep these to operate Agentkit, debug issues, and bill accurately.

Prompts and outputs. Inputs you send to agents and the outputs returned. These are processed by the model providers you select.

Technical data. IP address, browser, operating system, device identifiers, and cookies. We use these for security, analytics, and to keep Agentkit working across devices.

Communications. When you email support or fill out a form, we keep that record.

How We Use It

We use personal data to:

• Provide and maintain Agentkit

• Authenticate users and prevent fraud

• Bill customers and collect payments

• Respond to support requests

• Send service announcements and (with consent) marketing emails

• Comply with legal obligations

We don't use Customer Data, including the content of prompts and outputs, to train our own models. Aggregate, anonymized usage metrics may be used to improve Agentkit.

Legal Bases (EEA / UK)

If you're in the EEA, UK, or Switzerland, our legal bases are:

• Contract performance (running Agentkit for you)

• Legitimate interests (security, analytics, debugging)

• Consent (marketing emails, optional cookies)

• Legal obligation (tax records, lawful requests)

Subprocessors

We use third parties to operate Agentkit. A current list is at agentkit.dev/subprocessors and includes:

• Cloud infrastructure: AWS, Google Cloud

• Model providers: OpenAI, Anthropic, Google, and others you select

• Payment processing: Stripe

• Email delivery: Resend, Postmark

• Analytics: PostHog, Plausible

• Support tooling: Linear, Intercom

We require subprocessors to handle personal data under terms at least as protective as ours.

International Transfers

AgentKit Inc. operates from Germany. If we transfer personal data outside the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses or equivalent safeguards.

Cookies

We use first-party cookies for authentication and preferences, and limited analytics cookies. You can manage cookies through your browser settings. Agentkit won't work fully without authentication cookies.

Retention

• Account data: while your account is active, plus 90 days after deletion

• Billing records: 7 years (legal requirement in most jurisdictions)

• Usage logs and traces: 90 days by default, configurable on paid plans

• Prompts and outputs: per your plan settings, with a default of 30 days

You can request earlier deletion under "Your Rights" below.

Your Rights

Depending on where you live, you can:

• Access the personal data we hold about you

• Correct inaccurate data

• Delete your data ("right to be forgotten")

• Export your data in a portable format

• Object to or restrict certain processing

• Withdraw consent at any time

• Lodge a complaint with your local data protection authority

Security

We use encryption in transit and at rest, scoped access controls, and regular security reviews.

Changes

We'll update this policy when our practices change. The "Last updated" date at the top reflects the latest version. Material changes will be announced by email or in the dashboard.

Contact

Data controller: AgentKit Inc. Email: privacy@agentkit.dev Address: 10115 Berlin, Germany Data Protection Officer: dpo@agentkit.dev