Privacy Policy

1. Who we are

AgentGuard is operated by BMD PAT LLC ("we", "us"). This policy describes how we collect, use, and protect your data when you use the AgentGuard dashboard and API.

2. Data we collect

• Account data: Email address and hashed password when you sign up.
• Trace data: Agent execution traces, spans, events, and metadata that you send via the SDK. We only store what your code explicitly sends — the SDK never auto-captures prompts or responses.
• Usage data: Event counts, API request logs, and aggregated metrics for billing and rate limiting.
• Analytics: Anonymous page views via Vercel Analytics (no cookies, no personal data).

3. How we use your data

• Provide and operate the dashboard and API
• Enforce rate limits and plan quotas
• Process billing through Stripe
• Respond to support requests
• Improve the product based on aggregate usage patterns

We do not sell your data. We do not use your trace data to train AI models.

4. Data retention

Trace data is automatically deleted based on your plan: 7 days (Free), 30 days (Pro), 90 days (Team). Account data is retained until you delete your account. Billing records are retained as required by law.

5. Data security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API keys are SHA-256 hashed before storage. See our Security page for full details.

6. Third-party services

• Vercel: Hosting and edge functions
• Supabase: PostgreSQL database hosting
• Stripe: Payment processing

7. Your rights

You can request export or deletion of your data by contacting pat@bmdpat.com. We respond within 30 days. Automated trace deletion via API is on our roadmap.

8. Changes to this policy

We may update this policy as the product evolves. Material changes will be communicated via email to registered users.

Contact

Questions about privacy? Email pat@bmdpat.com.