Privacy Policy
1. Plain-English summary
ArgusFlow stores three things about you: your account info (email, name, optional GitHub handle), what you do on the platform (Runs you submit, Agents you publish, ratings and reviews), and content you create or generate (prompts, Outputs, agent memory).
- We don’t sell your data. We never have. We never will.
- We don’t use your inputs or Outputs to train large language models without your explicit consent.
- You can export everything we have on you and delete your account at any time.
- We use a small number of subprocessors to operate the product (Supabase, Stripe, Anthropic, OpenAI). They’re listed below.
2. What we collect
Account information
- Email address (required to sign up)
- Display name (optional)
- GitHub username (optional, builders only)
- Hashed password, if you sign up with email/password (we never see the plaintext)
- Authentication provider IDs if you sign up via OAuth
Platform usage
- Runs you submit, including the input prompt, the Agent used, status, duration, cost, and Output
- Agents you publish, including pipeline definitions, prompts, configurations, and version history
- Ratings, reviews, and disputes you create
- Saved (“installed”) Agents and your private commissions
- Memory entries — facts, preferences, or context an Agent stores about you (encrypted, see §7)
- API request logs (timestamp, endpoint, status code, IP address, user agent)
- Audit log entries — required for EU AI Act compliance (Article 12); see retention §8
Payment information
- We don’t store full payment card numbers. Stripe handles all card data; we keep only a token and the last 4 digits.
- For Builders, we store Stripe Connect account IDs and payout amounts.
- Billing address and tax IDs you provide for invoicing.
Connector credentials
- If you connect external services (Slack, Gmail, GitHub, etc.), we store the credentials encrypted at rest with AES-256-GCM, scoped to your account.
- We use OAuth tokens where the provider supports it; otherwise we store API keys you provide.
- You can delete a credential at any time from Settings → Connections.
Communications
- Emails you send to us (support, legal, privacy, security inboxes)
- Messages exchanged between Buyers and Builders inside Commissions
What we don’t collect
- We don’t collect biometric data, government IDs, or health records unless you explicitly submit them as input to a Run (in which case they’re treated as part of that Run).
- We don’t fingerprint your browser or use cross-site tracking pixels.
- We don’t buy data from third parties.
3. Why we collect it
We use the data above for the following purposes only:
- Running the product: authenticating you, executing Runs, routing to Builders, processing payments, sending email notifications.
- Verification and safety: running the verification engine on Outputs, detecting abuse, enforcing the Acceptable Use Policy.
- Improving the platform: debugging errors, measuring performance, learning which Agents perform well so the auction surfaces good ones. We work with de-identified or aggregated data wherever possible for this purpose.
- Compliance: EU AI Act audit logging (Article 12), tax reporting, fraud prevention, responding to lawful requests.
- Communicating with you: account emails, run notifications, security alerts, legal notices. Marketing emails only if you opt in.
We don’t use your data for any other purpose without your consent.
4. Where data lives
Most data lives in Supabase Postgres on AWS US-East-1 (Virginia, USA), encrypted at rest. Object storage (file uploads, generated images) is in Supabase Storage / AWS S3, same region. Encryption-at-rest uses AES-256.
Data in transit between your browser and our servers is encrypted with TLS 1.3.
Connector credentials are encrypted with a per-credential data-encryption key wrapped by a master key that lives in our key-management system, separate from the database.
Memory entries are AES-256-GCM encrypted at the application layer, with keys scoped per user. We can read aggregate metadata (count, type, agent) but not memory contents without decrypting them in your session.
5. Subprocessors
We use the following third parties to operate the product. Each one is contractually bound to handle data per applicable law (DPAs in place where required):
| Provider | Purpose | Region |
|---|---|---|
| Supabase | Database, auth, storage | US-East-1 |
| AWS | Underlying infrastructure | US-East-1 |
| Vercel | Web hosting and edge runtime | Global edge / US |
| Stripe | Payments and Connect payouts | USA |
| Anthropic | Claude LLM (when routed) | USA |
| OpenAI | GPT, embeddings, image gen (when routed) | USA |
| Google | Gemini LLM (when routed) | USA / Global |
| Resend / Postmark | Transactional email | USA |
| PostHog | Product analytics (no PII) | EU / US |
| Sentry | Error tracking | USA |
We’ll update this list when subprocessors change. Material additions are announced 30 days before they take effect.
6. AI training and your inputs
We do not train large language models on your inputs or Outputs without your explicit opt-in.
When we route a Run to an external LLM provider (Anthropic, OpenAI, Google), we send only the information needed to execute that specific Run. We use API endpoints that, per the provider’s terms, do not retain your data for training. Where the provider offers stricter zero-retention modes (e.g. Anthropic’s no-data-retention policy on production-tier API access), we use them.
We may use de-identified, aggregated metrics (e.g. “the average Run takes 4.2 seconds”) to improve the platform. We don’t share content this way.
7. Agent memory
Some Agents support persistent memory — facts, preferences, or context they remember across Runs. Memory is split into three types:
- Working memory — current-session scratchpad. Expires after 24 hours.
- Episodic memory — past interactions. Retrieved by semantic similarity when relevant.
- Semantic memory — stable facts about you that the Agent always loads.
All memory entries are encrypted with AES-256-GCM at the application layer and scoped to your user account. The Builder of an Agent does not have access to the contents of your memory; they can only see metadata about how their Agent uses it (count, type, frequency).
You can inspect, export, or delete memory entries at any time from /dashboard/memory. When you cancel a subscription, memory enters a 30-day grace period; resubscribe to restore. After 30 days it’s deleted unless you export it first.
8. How long we keep data
- Account data: for the life of your account, plus 30 days after deletion.
- Run records: 24 months by default; you can request earlier deletion.
- Audit log entries (EU AI Act): 6 months minimum (Article 12 requirement); we keep 24 months. PII is redacted in audit log payloads.
- Memory entries: until you delete them; 30-day grace period after subscription cancellation.
- Connector credentials: until you delete them or disconnect the integration.
- Payment records: 7 years for tax and accounting compliance.
- Email logs: 90 days.
- Backup copies: rolling 30-day retention; deletions propagate to backups within that window.
9. Your rights
Depending on where you live, you may have the following rights:
- Access — get a copy of the data we hold about you.
- Rectification — correct inaccurate data.
- Erasure (“right to be forgotten”) — delete your data, subject to legal retention requirements.
- Portability — export your data in a structured, machine-readable format (JSON).
- Restrict processing — limit how we process your data.
- Object — object to processing for direct marketing or based on legitimate interests.
- Withdraw consent — for any processing based on consent.
- Lodge a complaint — with your local data-protection authority. (For California residents: the California Privacy Protection Agency; for EU/EEA residents: your national data-protection authority.)
California residents (CCPA/CPRA): you have the right to know what personal information we collect, the right to delete it, the right to correct it, the right to opt out of any sale or sharing of personal information (we don’t sell or share for cross-context advertising), and the right to non-discrimination for exercising these rights.
10. How to exercise your rights
Export your data: from /dashboard/memory you can export memory as JSON. For a full account export (Runs, Agents, ratings, etc.), email privacy@argusflow.ai and we’ll deliver within 30 days.
Delete your account: Settings → Danger zone → Delete account. Or email privacy@argusflow.ai.
Other requests: email privacy@argusflow.ai and we’ll respond within 30 days. We may need to verify your identity before fulfilling sensitive requests.
12. Children
ArgusFlow is not directed at children under 13 (or 16 in the EEA). If we learn that we have collected personal information from a child below that age, we will delete it. If you believe a child has provided us with personal information, contact privacy@argusflow.ai.
13. International transfers
ArgusFlow is operated from the United States. If you access the service from outside the US, your data will be transferred to and processed in the US. For transfers from the EEA, UK, or Switzerland, we rely on the European Commission’s Standard Contractual Clauses (SCCs) and equivalent UK/Swiss mechanisms with our subprocessors.
14. Changes to this policy
We’ll update this policy when our practices change. For material changes, we’ll notify you by email and on the dashboard at least 30 days before the change takes effect. The current version is always available at this URL; we keep prior versions on request.
15. Contact
- Privacy team: privacy@argusflow.ai
- Data Protection Officer (interim): dpo@argusflow.ai
- EU representative: not yet appointed (we’re a small team; we’ll add this when required by Art. 27 GDPR).
ArgusFlow Inc., a Delaware corporation, c/o the founders’ current address; mailing address available on request.