Privacy Policy: Agentcy Application

Applies to: app.agentcymarketing.co and the Agentcy application
Last updated: May 16, 2026
Contact: [email protected]

This policy describes the personal data Agentcy processes when you use the Agentcy application — creating an account, building brands, generating content, connecting marketing platforms, and managing campaigns. For data collected on our public marketing site, see the Marketing Website Privacy Policy.

By signing up for or using Agentcy, you agree to the practices described here.


1. Who we are and our role

Agentcy is a service of Agentcy, LLC (the “Service Provider”). The Service Provider acts in two roles depending on the data involved:

  • Controller of your account data (name, email, billing details, account-level metadata).
  • Processor of the workspace and brand content you create or upload, and of the platform data we read on your behalf from your connected accounts (Google Ads, Meta, Shopify, etc.). For that data, you are the controller. Our Data Processing Addendum is available on request at [email protected].

This distinction matters because it determines who is responsible for what under GDPR and similar laws. If you process personal data of your own customers through Agentcy, you remain responsible to those customers for it.


2. What we collect

2.1 Account data. Managed by our authentication provider, Clerk. We receive your email, name, hashed password verification (we never see your plaintext password), authentication factors (e.g., MFA), session metadata, and account timestamps.

2.2 Workspace and team data. Workspace name, type (solo or agency), team members and their roles, invitations, subscription tier, Stripe customer ID, and model configuration.

2.3 Brand content. For each brand you manage:

  • Brand kit (voice, tone, mission, personas, colors, typography, content pillars)
  • Client brief (goals, budget allocation, competitors, timeline)
  • Strategies, plans, campaigns, content drafts, approved content, generated assets
  • The brand’s full conversation history with the orchestrator agent

2.4 AI memory. Vector embeddings derived from your interactions, stored in pgvector inside our database. These give the agent long-term context for each brand. Always scoped to a single brand — never shared across brands or customers.

2.5 Integration tokens. When you connect a marketing platform (Google Ads, Meta, Mailchimp, Shopify, etc.), the OAuth access and refresh tokens are stored encrypted with AES-256 using a key held in Supabase Vault. We never store the platform passwords themselves. The encryption key is rotated periodically and irreversible — if we lose it, your connections become unusable, not exposed.

2.6 Platform data we read on your behalf. When you connect a platform, we read campaign metrics, content, customer lists, orders, analytics, and other data that the platform exposes through its API. This data is stored under your workspace so the orchestrator can reason over it. It may include personal data of your customers — you remain the controller of that data.

2.7 Files. Brand assets, generated images, exported reports, and other files uploaded to or generated inside Agentcy. Stored in Supabase Storage with server-side encryption and accessible only via signed URLs.

2.8 Billing data. Subscription state, invoices, and payment-method references. Handled by Stripe — we receive only the customer record and the last four digits of the card on file. We never see your card number or full details.

2.9 Audit logs and security data. Logins, approvals, integration connects, billing events, and significant configuration changes, retained for security, compliance, and incident response.

2.10 Landing-page submissions. If you publish landing pages through Agentcy, the form submissions are stored under the corresponding brand. They may also be pushed to any CRM you have connected (HubSpot, Salesforce, Pipedrive, Close).

2.11 Usage telemetry. Page views, feature usage, daily AI generation counts, and error reports. Used to operate, monitor, and improve the product.


3. How we use it

We process the data above to:

  • Provide the service. Run your workspace, generate content with the orchestrator agent, sync data with your connected platforms, enforce roles and permissions, send transactional email.
  • Bill you. Charge subscriptions, process top-ups, handle invoices and refunds through Stripe.
  • Enforce tier limits and guardrails. Track daily AI generation counts, brand counts, seat counts, and other plan-defined limits.
  • Operate the AI agent. Send the relevant subset of your brand data to AI model providers (see Section 5) to generate strategies, content, and analysis. AI memory is used to give the agent longer context across sessions for a single brand.
  • Run approvals and autonomy controls. Route agent actions for human approval per your workspace’s autonomy configuration.
  • Maintain audit logs. For security, incident response, billing disputes, and compliance.
  • Detect and prevent abuse. Rate-limit violations, fraud, scraping, exploit attempts.
  • Communicate with you. Service announcements, important account or security notices, optional product updates.
  • Improve the product. Aggregate, de-identified usage metrics inform what we build next.
  • Comply with law. Tax reporting, lawful legal demands, response to regulators.

4. Legal bases (for EU / UK customers)

PurposeLegal basis
Providing the service under your subscriptionContract (GDPR Art. 6(1)(b))
Billing and tax complianceContract and legal obligation (Art. 6(1)(b), (c))
Security, fraud prevention, audit logsLegitimate interest (Art. 6(1)(f))
Processing your customer data through the appYou are the controller; we process on your documented instructions (Art. 28)
Product analytics and improvementLegitimate interest in operating the service (Art. 6(1)(f))
Optional product update emailsConsent (Art. 6(1)(a)) — withdrawable any time

5. AI providers and how AI processes your data

The orchestrator agent and sub-agents call AI models from external providers. Today these are Anthropic (Claude — used directly) and other providers routed through OpenRouter (e.g., GPT-4o, Gemini, Mistral). Local models are not used at launch but the architecture supports them.

What goes to AI providers. For each AI call we send the relevant subset of brand data: the brand kit, the active strategy, recent conversation, and (depending on the task) snippets of platform data. We do not include your password, OAuth tokens, billing details, or audit logs in prompts.

Training. API calls to Anthropic are not used for model training by default, and the no-training header is passed for OpenRouter-routed calls. To our knowledge no AI provider uses your data to train models on Agentcy’s behalf, but you should consult each provider’s own privacy policy.

Retention at the provider. AI providers typically retain prompts and responses for a short period for safety monitoring (Anthropic’s standard retention is 30 days; OpenRouter routes to underlying providers with their own retention). We do not control these retention windows. If you require zero provider-side retention, contact us about an enterprise arrangement — this is not available on our public tiers.

AI memory inside Agentcy. Memory vectors are stored in our own database, scoped to a single brand, and never shared across brands or customers. Deleting a brand deletes its AI memory.

No automated decisions with legal effect. AI-generated outputs (content, recommendations, analyses) are advisory. Any action that would modify a live marketing platform — publishing content, launching an ad, sending an email campaign — flows through our approvals system and (where you’ve configured it) requires human review.


6. Who we share data with

We share data only with the subprocessors required to operate Agentcy, with the platforms you’ve explicitly connected, and where required by law.

6.1 Subprocessors.

SubprocessorPurpose
ClerkAuthentication, sessions, MFA
SupabasePrimary database, file storage, vector store
StripeSubscription billing, payment processing
VercelApplication hosting and edge infrastructure
UpstashRate-limit state
ResentTransactional email
AnthropicAI inference (Claude models)
OpenRouterAI inference routing (non-Anthropic models)
Sentry / Axiom (or successor observability vendor)Error monitoring and structured logging

We will give workspace owners at least 30 days’ notice before adding a new subprocessor that handles personal data.

6.2 Connected marketing platforms. When you connect Google Ads, Meta, Mailchimp, Shopify, or any other platform, Agentcy reads from and (with your approval) writes to that platform on your behalf. Data flows are bi-directional and governed by the platform’s own terms. We share with each platform only what is needed to perform the action you’ve authorized.

6.3 Legal demands. We disclose data in response to subpoenas, court orders, or other valid legal process. Where we are legally permitted, we will notify the affected workspace owner before disclosing.

6.4 Corporate transactions. If Agentcy is involved in a merger, acquisition, or asset sale, your data may transfer to the successor — bound by terms no less protective than this policy. You will be notified.

We do not sell your data, share it for cross-context advertising, or use it to train AI models for any third party.


7. International data transfers

Agentcy’s primary infrastructure is in the United States. If you access Agentcy from outside the US, your data is transferred to and processed in the US (and potentially other regions where our subprocessors operate). Where transfers from the EU, UK, or Switzerland are involved, we rely on the European Commission’s Standard Contractual Clauses (with the UK Addendum or Swiss equivalent where applicable) and supplementary measures consistent with current guidance.


8. Retention

We retain personal data only as long as needed to provide the service or meet legal obligations.

Data categoryRetention
Account dataUntil you delete your account, then 30 days soft-delete window before you hard delete
Workspace, brand, content dataUntil you delete the workspace/brand, then 30-day soft-delete window
AI memory vectorsSame as the brand they belong to
Integration tokensUntil you disconnect, then immediate deletion
FilesUntil you delete them, then within 24 hours from active storage
Billing records (invoices, payments)7 years (tax and accounting law)
Audit logsUp to 7 years from security-relevant events; 12 months otherwise
BackupsRolling 35-day window

Full deletion mechanics are described in the App Data Deletion Policy.


9. Your rights and choices

Depending on where you live, you may have rights including access, correction, deletion, portability, restriction, objection, and withdrawal of consent. To exercise any of these:

  • In-app controls. Most rights are exposed in Settings: edit profile, export workspace data, delete brand, delete workspace, delete account.
  • By email. [email protected] with a description of your request. We respond within the statutory window for your jurisdiction (30 days for GDPR; 45 days for CCPA/CPRA, extendable per the statute).

California residents (CCPA / CPRA): You have the right to know, delete, correct, opt out of any “sale” or “sharing” (we do neither), and to non-discrimination. Authorized agents may submit requests with verifiable authority.

EU / UK residents: In addition to direct requests to us, you have the right to lodge a complaint with your supervisory authority.

Data portability. Export your brand kit, strategy, plan, content calendar, and conversation history in JSON or PDF; performance data in CSV. Available in Settings → Export.


10. Security

Our security posture is detailed in our SECURITY page and includes:

  • TLS 1.2+ on all connections
  • AES-256 encryption at rest for sensitive secrets (OAuth tokens) via Supabase Vault
  • Row-level security on every database table for workspace and brand isolation
  • Role-based authorization on every API route
  • Rate limiting on every mutation route
  • Encrypted server-side file storage with signed-URL-only access
  • 90-day secret rotation
  • Audit logging of significant actions

If we discover a personal-data breach affecting you, we will notify the affected workspace owner without undue delay and in accordance with applicable law.

For security issues, contact [email protected].


11. Children

Agentcy is a business product not directed at children. We do not knowingly allow children under 16 to create accounts or process their data. If we learn a child has created an account, we will delete it.


12. Account suspension and deletion

We may suspend or terminate accounts that violate our Terms of Service, engage in abuse, fail to pay, or use the service to violate the law. Suspended accounts retain their data through the standard soft-delete window unless the breach requires faster action.

You may delete your account at any time per the App Data Deletion Policy.


13. Changes to this policy

We will update the “Last updated” date when this policy materially changes. For significant changes (new subprocessors that handle personal data, new processing purposes, or expanded data collection), we will notify workspace owners by email at least 30 days before the change takes effect. The current version is always at app.agentcymarketing.co/privacy-policy.


14. Contact

Agentcy, LLC
[email protected]

This document is operational policy, not legal advice. It should be reviewed by your counsel before publication.