← Back

Privacy Policy

Effective April 16, 2026

1. Who we are

AGEMS ("we", "us") operates the AI agent management platform at agems.ai. This policy describes what personal data we collect, why we collect it, and your rights under the EU GDPR and comparable regimes.

2. Data we collect

  • Account data: email, name, organization, password hash.
  • Usage data: agent runs, messages, tasks, tool calls, token usage — everything needed to operate the product and bill you accurately.
  • Billing data: Stripe customer ID, subscription state, payment-method identifiers. Card numbers are stored by Stripe, not by us.
  • Technical data: IP address, browser / user-agent, log timestamps, error traces.
  • Content you provide: prompts, files, knowledge-base material, API keys you enter (stored encrypted at rest).

3. Why we process it (legal bases)

  • Contract — to deliver the service you signed up for.
  • Legitimate interest — abuse prevention, security logging, service improvement.
  • Legal obligation — tax records, responding to lawful requests.
  • Consent — optional cookies (analytics, marketing). You can withdraw anytime.

4. How we share data

We share data with sub-processors strictly as needed: Stripe (payments), SendGrid (transactional email), DigitalOcean / AWS (hosting), and the LLM providers you enable (OpenAI, Anthropic, Google, etc.) — only the prompts and context your agents send. We do not sell your data.

5. Retention

We keep account and usage data for as long as your account is active, and for up to 12 months afterward for audit and dispute resolution. Billing records are kept for 7 years as required by tax law. You can request deletion at any time (see §7).

6. International transfers

Our infrastructure is located in the EU and United States. Where data leaves the EEA we rely on the European Commission's Standard Contractual Clauses with our sub-processors.

7. Your rights

Under GDPR you have the right to:

  • access a copy of your data;
  • correct inaccurate data;
  • delete your account and associated data ("right to be forgotten");
  • export your data in a portable format;
  • object to, or restrict, certain processing;
  • withdraw consent for optional cookies;
  • lodge a complaint with your supervisory authority.

To exercise any of these rights, email privacy@agems.ai. We respond within 30 days.

8. Security

We encrypt data in transit (TLS 1.2+) and at rest. API keys and secrets are encrypted before storage. Access to production systems is restricted and logged. We run automated backups daily.

9. Cookies

See our Cookie Policy for the list of cookies we use and how to manage them.

10. Changes

If we materially change this policy we'll email registered users and update the "Effective" date at the top.

Contact

Questions? privacy@agems.ai