Privacy Policy

Last updated: May 2026

What we collect

What we don't do

Sub-processors

We use the following sub-processors to deliver the service. Each one only receives the data needed for their function:

PII handling

Free-form text sent to LLMs is automatically scanned and common identifiers (emails, phone numbers, SSNs, credit cards, addresses, IPs) are replaced with stable placeholders before transmission, when the strict-mode flag is enabled.

Your rights (GDPR / CCPA)

You may export or delete your organization's data at any time. Use the Delete my organization control on the Settings → Team page, or contact privacy@aigency.app. Deletion is permanent and irreversible; we will purge live data within 30 days and backups within 90 days.

Security

All passwords are hashed with bcrypt (cost 12). All vault secrets are encrypted at rest with AES-256-GCM. All inter-service traffic is TLS 1.2+. Audit logs are append-only with a SHA-256 hash chain so tampering is detectable.

Contact

Questions? privacy@aigency.app