Privacy Policy

1. Who we are

Agentnetes ("we", "us") is an orchestration platform for autonomous AI agents, operated at app.agentnetes.io. The service consists of a cloud-hosted control plane and an optional desktop application (Electron) that runs on your machine.

2. What we collect

2.1 Account data

When you sign in with Google, we receive from Firebase Authentication:

• Your Google account UID (a stable opaque identifier)
• Email address
• Display name and profile photo URL (if you have set one)

We do not receive your Google password or any contacts/calendar data.

2.2 Vault (encrypted credential storage)

When you save an API key for a third-party provider (Anthropic, OpenAI, etc.) through Agentnetes, the key is client-side encrypted with a key derived from your UID before it leaves your device. We store only the ciphertext in Firestore. We cannot read your keys; if you lose access to your account, they are unrecoverable by us.

2.3 Cloud sync (optional)

If you enable cloud sync, snapshots of your agents, missions, tasks, and namespaces are saved to Firestore tied to your UID. These enable multi-device continuity. You can disable sync and delete snapshots at any time from Settings.

2.4 Usage telemetry (opt-in)

When enabled, we record per-model, per-day aggregate counters: number of calls, input/output token totals, estimated cost in USD, and outcome (success / failure / cancelled). No prompts, completions, or task contents are transmitted. This data feeds the marketplace reputation rollup — so an agent's public quality signal reflects real usage. You can turn telemetry off in Settings at any time. Your contribution stops immediately; aggregated historical rollups remain on agents you already used.

2.5 Marketplace activity

Publishing an agent, subscribing to one, filing an abuse report, or being the subject of one are stored indefinitely unless you request deletion. Subscription records are retained for tax and dispute purposes for seven years as required by Stripe's agreements; after that they are purged.

2.6 Technical logs

Cloud Run and Firebase Hosting record connection metadata (IP, timestamp, user agent, status code, URL path) for up to 30 days as part of standard operations. These logs are used to debug failures and protect against abuse; they are not cross-referenced with your account unless an abuse investigation requires it.

3. How we use your data

• To authenticate you and authorize your actions.
• To sync your state across devices (only when you enable sync).
• To process marketplace subscriptions and charge for paid agents via Stripe.
• To compute aggregate reputation signals displayed on marketplace listings.
• To investigate abuse reports and enforce our policies.
• To communicate with you about account, billing, and security matters (transactional email only — no marketing).

4. Who we share with

• Google Cloud / Firebase — our infrastructure provider. Data resides in Firestore (us-central1) and Cloud Run (us-central1).
• Stripe — when you subscribe to a paid agent, Stripe receives the minimum data needed to process the payment (your email, the charge amount, the subscription metadata). Stripe's privacy policy applies: stripe.com/privacy.
• Marketplace publishers — when you subscribe to an agent, the publisher learns that a user subscribed and what namespace the agent targets. Your email is not shared with the publisher.
• Authorities — if compelled by valid legal process, we disclose what we must. We challenge requests that appear overbroad and, where not prohibited, notify affected users.

We do not sell personal data. We do not share with advertisers. There is no advertising on Agentnetes.

5. Data location & transfers

Our services are hosted in Google Cloud Platform us-central1. If you use the service from outside the United States, your data is transferred to the United States. Google Cloud has Standard Contractual Clauses in place for EEA / UK / Swiss data transfers.

6. Your rights

Regardless of jurisdiction, you can:

• Access — request a copy of everything we have tied to your account.
• Correct — update details held about you (most fields are user-editable in Settings).
• Delete — request full deletion of your account and associated data. Some records may persist for up to 90 days in backups and up to 7 years for billing (see §2.5).
• Export — download your namespace data as a tarball via the existing /api/v1/namespace/{ns}/export endpoint.
• Object — opt out of telemetry without losing service access.

Email franco.vargas@codeblaze.ae with "Privacy request" in the subject line. We respond within 30 days.

7. Security

Credentials are client-side encrypted before transit. All service endpoints enforce HTTPS. Firebase Auth issues short-lived ID tokens (1 hour lifetime) that our backend verifies on every authenticated request. Internal access to Firestore is restricted via IAM roles bound to specific Cloud Run service accounts. We do not use long-lived API keys for server-to-server auth.

8. Children

Agentnetes is not directed at children under 13. If we learn that we hold data from someone under 13, we delete it. Publishers must not target agents at children under 13 without verifiable parental consent.

9. Changes

Material changes to this policy are announced via a banner in the Electron app and an in-product notice. Non-material changes (typo fixes, clarifications) are updated silently. The "Effective" date at the top of this document always reflects the current version.

10. Contact

Privacy contact: franco.vargas@codeblaze.ae
Data controller: Agentnetes (operated by Franco Vargas, Codeblaze).
EU representative: not currently designated. Users in the EEA may contact us directly at the email above.