Privacy Policy

Last updated: 2026-05-14

What we collect

• Email address — when you sign in. Used only for authentication and account-related emails.
• Session cookies — to keep you logged in. Server-side, signed, HttpOnly, Secure (in production).
• API key usage logs — count of API calls per key, last-used timestamp. Used for rate limiting and billing.
• Billing data — handled by Stripe; we store only the Stripe customer ID and subscription status, never card details.
• Server logs — IP, user-agent, path. Used for debugging + abuse prevention. Auto-deleted after 30 days.

What we don't do

• No tracking pixels, no third-party analytics, no advertising cookies.
• No selling of data, ever.
• No training of AI models on your data or queries.

Third parties

• Stripe — payment processing (PCI DSS Level 1, GDPR-compliant DPA)
• Resend — transactional email delivery (US-based, EU SCC in place)
• Sentry (optional) — error tracking
• Fly.io — hosting (EU-hosted by default)

Public agent data

We index publicly-published /.well-known/agent-card.json endpoints. If you operate an agent and want it removed from our index, email hello@agenstry.com or block our crawler via robots.txt (User-agent: AgenstryBot).

Your rights

Under GDPR you can request export or deletion of your account data at any time — email hello@agenstry.com. We respond within 30 days.

Contact

Agenstry · hello@agenstry.com