agency engine
LEGAL

Privacy Policy

Privacy Policy

effectiveDate: 2026-03-09

This Privacy Policy explains how [LEGAL ENTITY NAME] ("we," "us," or "our") collects, uses, and protects information when you use Agency Engine ("the Service"). By using the Service, you agree to the practices described here.

1. Information We Collect

Account information: When you create an account, we collect your name and email address.

Project content: We store the content you upload to run the pipeline — client transcripts, scope of work documents, brand assets, and notes. This content is associated with your account and processed using your own Anthropic API key.

API keys and credentials: We store encrypted credentials you connect to the Service (Anthropic API key, and optionally Sanity, Resend, Vercel, and GitHub tokens). These are encrypted at rest using AES-256-GCM and are never returned to your browser or accessible to our team in plaintext.

Usage data: We collect basic information about how you use the Service — pipeline runs, feature usage, and errors — to operate and improve the Service.

Payment information: Billing is handled by our third-party payment processor. We do not store credit card numbers.

2. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Service
  • Send transactional emails (account confirmation, access notifications)
  • Respond to support inquiries
  • Detect and prevent abuse or unauthorized access
  • Improve the Service

We do not sell your information. We do not use your project content or inputs for any purpose other than running your pipeline.

3. AI Processing

Agency Engine uses your own Anthropic API key to call Anthropic's API on your behalf. Your project content is sent to Anthropic's API as part of this process and is subject to Anthropic's privacy policy and terms of service. We do not use your content to train any AI models.

4. Data Sharing

We share information only in the following limited circumstances:

  • Service providers: We use third-party services to operate the platform (hosting, payments, email delivery). These providers access only the data necessary to perform their services and are bound by confidentiality obligations.
  • Legal requirements: We may disclose information if required to do so by law or in response to valid legal process.
  • Business transfers: If we are acquired or merged with another company, your information may be transferred as part of that transaction.

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, all your data — projects, generated files, brand assets, and stored credentials — is permanently deleted from our systems. Deletion is immediate and irreversible.

Backups may retain data for a short period after deletion as part of standard infrastructure operations, after which they are overwritten.

6. Security

We implement reasonable technical and organizational measures to protect your information, including:

  • AES-256-GCM encryption for stored credentials
  • TLS encryption for data in transit
  • Access controls limiting internal access to production data

No security system is impenetrable. We cannot guarantee that your information will never be accessed by unauthorized parties, but we take the protection of your data seriously.

7. Cookies and Tracking

We use Vercel Analytics, a cookieless, privacy-friendly analytics tool, to understand aggregate traffic patterns. We do not use advertising trackers or third-party behavioral tracking.

8. Your Rights

You may at any time:

  • Access or correct your account information from your account settings
  • Delete your account and all associated data
  • Request a copy of the personal data we hold about you
  • Opt out of non-transactional emails by contacting us

To exercise any of these rights, contact us at [CONTACT EMAIL].

9. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy at any time. If we make material changes, we will notify you by email or by posting a notice in the Service. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

11. Contact

Questions about this Privacy Policy? Contact us at [CONTACT EMAIL].