privacy policy
The short version
We collect what we need to run Agentmaticafor you and nothing more. We don't sell your data, we don't use it to train public AI models, and we delete it when you ask us to.
What we collect
- Account info: email, password hash, name (if provided).
- Connected sources: content from the tools you connect (docs, tickets, deals, messages). We index this content to answer questions.
- Usage: messages sent through the agent, actions taken, and how features are used.
- Site analytics: if you consent via the cookie banner, aggregate page-view and event data collected through Google Analytics. See our cookie policy for the full list of cookies set.
- Billing: handled by DodoPayments. We receive a customer ID and subscription status; we never see your full card number.
How we use it
To:
- Operate the Service (answer questions, run actions)
- Improve your specific workspace based on your feedback
- Send service emails (security alerts, billing notices)
- Detect abuse and protect users
We do not train public or shared AI models on your data. Your connected source content stays scoped to your workspace.
Subprocessors
We use the following processors to run the Service. Each is bound by a data processing agreement.
- Supabase — authentication, database, file storage (EU & US regions)
- Anthropic, OpenAI, Google — AI model inference (zero-retention APIs)
- DodoPayments — payment processing and merchant of record
- Resend — transactional email
- Upstash — caching and rate limiting
- Google Analytics (Google LLC) — site usage analytics, only loaded after you accept analytics cookies. IP addresses are anonymized and advertising features are disabled.
Where data lives
Primary storage is in the United States via Supabase. EU / APAC data residency is evaluated case-by-case for Enterprise and is not currently a default offering. We will sign a basic DPA on request.
Your rights
Depending on your region, you may have the right to access, correct, export, or delete the personal data we hold about you. Email privacy@agentmatica.com and we'll respond within 30 days.
Retention
We keep your data while your account is active. When you delete your account, we remove personal data within 30 days, except where retention is required by law (e.g., billing records).
Security
Data is encrypted in transit (TLS) and at rest by our infrastructure providers (Supabase / Postgres). We're working toward SOC 2 Type II — currently aligning our internal controls and processes, not yet certified. Report security issues to security@agentmatica.com.
Cookies and analytics
We use a small number of essential cookies for authentication and session management — these are always on. If you accept the cookie banner, we also set analytics cookies through Google Analytics to measure aggregate site usage. We do not run advertising trackers, retargeting pixels, or sell data to advertisers.
You can change your choice at any time on our cookie policy page.
Changes
We'll notify you of material changes by email or in-product notification at least 30 days before they take effect.
Contact
For privacy questions, email privacy@agentmatica.com. For data deletion requests, email privacy@agentmatica.com from the address on your account.