AgentFleet
Sign InGet Started
Back to home

Privacy Policy

Last updated: February 23, 2026

1. Introduction

AgentFleet (“we,” “our,” or “us”) operates the AgentFleet platform at agentfleet.cloud. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and services.

By using AgentFleet, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our services. This policy should be read in conjunction with our Terms of Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address and, if you sign in with Google, your name and profile picture as provided by Google. Authentication is managed through Supabase, our authentication provider.

2.2 Billing Information

Payment processing is handled entirely by Stripe. We do not store your credit card numbers, bank account details, or other payment credentials on our servers. Stripe may collect and store payment information in accordance with their own privacy policy. We store a Stripe customer ID linked to your account for subscription management.

2.3 Agent Configuration Data

When you deploy AI agents, we store the configuration you provide, including agent names, system prompts, personality descriptions, tool permissions, channel integrations (e.g., Telegram bot tokens, Slack tokens, Discord tokens), workspace settings, inter-agent communication policies, and evolution preferences.

2.4 Credentials and API Keys You Provide

AgentFleet operates on a bring-your-own-key (BYOK) model. You supply your own API keys and credentials for AI providers and third-party services. These include, but are not limited to: AI provider API keys, messaging platform tokens, email account credentials, advertising platform credentials, CRM credentials, database connection strings, DNS provider credentials, and cloud infrastructure tokens. All credentials are encrypted at rest using AES-256-GCM encryption and are only decrypted at runtime on the server infrastructure that runs your agents. We never access or use your credentials for any purpose other than operating your agents as configured.

2.5 Usage Data

We collect basic usage analytics including page views, feature usage patterns, deployment events, and error logs to improve our service. We do not track you across third-party websites.

2.6 Agent Interaction Data

Messages processed by your deployed agents (e.g., Telegram messages, email communications, browser sessions, inter-agent messages) are handled on your dedicated infrastructure. We do not routinely monitor, read, or store the content of messages your agents process. However, we may access logs for:

  • Debugging at your explicit request through our support channels
  • Investigating reported violations of our Terms of Service
  • Responding to valid legal process (court orders, subpoenas)
  • Protecting the security of our infrastructure and other users

2.7 Agent Evolution Data

We store records of evolution proposals made by your agents, including the proposed changes, risk classifications, and approval/rejection status. This data is used to operate the evolution feature and is associated with your deployment.

2.8 Browser Session Data

If your agents use browser automation, session metadata (session IDs, timestamps, status) is stored in our database. The actual browser content and authentication contexts are managed by our cloud browser provider (Browserbase). Screenshots may be temporarily stored for your review in the dashboard.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the AgentFleet platform
  • Process your transactions and manage your subscription
  • Deploy and operate your AI agents on our infrastructure
  • Send you service-related communications (e.g., billing receipts, deployment status updates, evolution notifications)
  • Detect and prevent fraud, abuse, or security incidents
  • Enforce our Terms of Service and Acceptable Use policy
  • Comply with legal obligations
  • Improve the security and reliability of our infrastructure

We do not sell your personal information to third parties. We do not use your data to train AI models. We do not use your agent configurations, credentials, or interaction data for any purpose other than providing the Service.

4. Data Storage and Security

Your data is stored across the following providers:

  • Supabase — Account data, agent configurations, workspace metadata, and encrypted credentials (PostgreSQL, hosted on AWS)
  • Stripe — Payment and billing data
  • Hosting Providers — Your deployed agents run in isolated Docker containers on virtual private servers. Multiple agent containers may share the same physical server but are isolated at the container level
  • Browserbase — Cloud browser sessions and persistent authentication contexts (if browser features are enabled)

Security measures include:

  • AES-256-GCM encryption for all API keys, tokens, and credentials at rest
  • TLS encryption for all data in transit
  • Container isolation between agent deployments
  • SSH key-based authentication for infrastructure access
  • Role-based access controls on our database

While we employ industry-standard security practices, no system is completely secure. We cannot guarantee absolute security of your data. You acknowledge this inherent risk when using the Service.

5. Third-Party Services and Data Sharing

AgentFleet integrates with third-party services to provide its functionality. We share data with third parties only as necessary to operate the Service:

5.1 Agent-Initiated Data Sharing

When you connect external services to your agents and grant tool permissions, your agents may transmit data to those third-party services as part of their operation. This includes, but is not limited to, data sent to AI model providers, messaging platforms, advertising platforms, CRMs, databases, DNS providers, and other integrated services. You are the data controller for any personal data your agents process or transmit to third parties. We encourage you to review the privacy policies of all services you connect to your agents.

6. Data Retention

We retain your data as follows:

  • Account data: Retained for as long as your account is active
  • Agent configurations and deployments: Deleted within 30 days of deployment destruction or account deletion
  • Encrypted credentials: Deleted when the associated deployment is destroyed or when you remove them
  • Billing records: Retained as required by tax and financial regulations (typically 7 years)
  • Usage logs: Retained for up to 90 days for operational purposes
  • Evolution proposals: Retained for the lifetime of the associated deployment
  • Browser session metadata: Deleted when the associated session is terminated or deployment is destroyed

When you delete your account, we initiate deletion of all associated data within 30 days. Some data may persist in encrypted backups for up to 90 additional days before automatic purge.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (“right to be forgotten”)
  • Export your data in a portable format (data portability)
  • Withdraw consent for data processing
  • Object to certain types of data processing
  • Restrict processing of your data
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at privacy@agentfleet.cloud. We will respond within 30 days (or sooner if required by applicable law). We may ask you to verify your identity before processing your request.

7.1 Data Processed by Your Agents

If your agents process personal data of third parties (e.g., customer data, leads, messages from end users), you are the data controller for that data. AgentFleet acts as a data processor only insofar as we provide the infrastructure on which your agents operate. You are responsible for responding to data subject rights requests from individuals whose data your agents process.

8. Cookies and Tracking

We use the following types of cookies:

  • Essential cookies: Required for authentication, session management, and security (e.g., Supabase auth cookies, CSRF tokens). These cannot be disabled.
  • Functional cookies: Used for preferences such as pending tier selection during signup. Short-lived (1 hour maximum).
  • Analytics cookies: Minimal analytics to understand how our service is used. We do not use advertising or cross-site tracking cookies.

We do not use cookies for advertising, remarketing, or cross-site tracking purposes.

9. Children's Privacy

AgentFleet is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly. If you believe a child has provided us personal information, please contact us at privacy@agentfleet.cloud.

10. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. By using AgentFleet, you consent to the transfer of your data to these countries. We ensure appropriate safeguards are in place for international data transfers, including standard contractual clauses where applicable.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on appropriate legal mechanisms for cross-border data transfers as required by GDPR.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, and disclose
  • The right to request deletion of your personal information
  • The right to opt out of the sale of personal information (we do not sell personal information)
  • The right to non-discrimination for exercising your CCPA rights

To exercise your CCPA rights, contact us at privacy@agentfleet.cloud.

12. Security Incident Response

In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of becoming aware of the breach, as required by applicable law. Notification will be sent to the email address associated with your account.

13. Data Processing Agreement

If you require a Data Processing Agreement (DPA) for GDPR compliance or other regulatory requirements, please contact us at privacy@agentfleet.cloud. We can provide a DPA upon request for customers on paid plans.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Material changes will be effective 30 days after posting. Continued use of AgentFleet after the effective date constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: