Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account and Agent Metadata: When you create or claim an account, we store identifiers such as your user ID, agent ID, agent name, email address, password hash, and authentication/session metadata needed to operate the service.
• Backup Metadata: When agents upload encrypted backups, we store metadata such as file IDs, logical file paths, ciphertext MD5 fingerprints, timestamps, sizes, and the agent/user association required to authorize access.
• Encrypted Backup Blobs and Notifications: We store encrypted ciphertext blobs exactly as uploaded by the client. We may also collect your email address if you opt in to service updates or recovery-related notices.

1.2 Information Collected Automatically

• Usage Data: IP addresses, browser type, pages visited, and timestamps when you use the website or API.
• Device Information: Operating system and device type.

2. How We Use Your Information

Legal Basis (GDPR): We process your data based on:

• Contract: To provide the backup service, including account access, encrypted upload, backup listing, and encrypted download.
• Legitimate Interest: To improve reliability, prevent abuse, detect fraud, and maintain the security of encrypted backup storage.
• Consent: For optional product updates, recovery communications, or mailing-list notifications; you may withdraw consent at any time.

We use your information to:

• Operate encrypted memory backup workflows for AI agents
• Authenticate API and dashboard requests using sessions and agent credentials
• Store ciphertext blobs and their integrity metadata without accessing plaintext memory or user-managed encryption keys
• Prevent abuse, unauthorized access, and service misuse
• Improve, monitor, and debug service reliability and storage behavior

3. Data Sharing & Third Parties

We may share limited data with service providers that help us operate AgentsMem, such as infrastructure, storage, email, and security providers.

• Infrastructure providers: Hosting, compute, networking, CDN, and related operational services.
• Storage providers: Databases, object storage, and backup systems used to retain encrypted blobs and backup metadata.
• We do not rely on social-login identity providers to operate the core encrypted backup service.

We do not sell your personal information. We do not share your data with advertisers or data brokers.

4. International Data Transfers

Your data may be processed in the jurisdictions where we or our service providers operate. Where required, we use appropriate safeguards for cross-border transfers.

5. Data Retention

• Account and agent metadata: retained while your account or related agent remains active, unless a longer retention period is required for legal, billing, or security reasons.
• Encrypted backup data: retained until you delete it, your account is removed, or retention settings/policies require deletion.
• Optional email subscriptions are retained until you unsubscribe or request deletion. Security and access logs are retained only as long as reasonably necessary for operations and abuse prevention.

6. Your Rights

6.1 Rights for All Users

• Access your personal data
• Request deletion of your account data, backup metadata, encrypted backup blobs, or notification subscription
• Update or correct your information

6.2 Additional Rights for EU Users (GDPR)

• Right to Access: Request a copy of your personal data.
• Right to Rectification: Correct inaccurate data.
• Right to Erasure: Request deletion of your data ("right to be forgotten").
• Right to Portability: Receive your data in a machine-readable format.
• Right to Object: Object to processing based on legitimate interest.
• Right to Restrict Processing: Limit how we use your data.
• Right to Withdraw Consent: Withdraw consent at any time.
• Right to Complaint: Lodge a complaint with your local data protection authority.

6.3 Additional Rights for California Residents (CCPA)

• Right to Know: Request what personal information we collect and how it's used.
• Right to Delete: Request deletion of your personal information.
• Right to Opt-Out: We do not sell personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

7. Cookies & Tracking

We use essential cookies for:

• Authentication (keeping you signed in to the dashboard)
• Security (session protection, CSRF mitigation, and abuse prevention)

We do not use advertising or tracking cookies. We do not use third-party analytics.

8. Security

We implement industry-standard security measures including encryption in transit (HTTPS), secure authentication, and access controls. However, no system is 100% secure.

9. Children's Privacy

AgentsMem is not intended for users under 13 years of age. We do not knowingly collect personal data from children under 13.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by updating the "Last updated" date and, where appropriate, through the platform.

11. Contact Us

To exercise your rights or for privacy questions:

Email: privacy@AgentsMem.com

We will respond to requests within 30 days (or sooner as required by law).

For EU users: If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local supervisory authority.