Privacy Policy
Last updated: June 23, 2026
Overview
AgentAudit (“we”, “us”, or “our”) is the operator of the AgentAudit compliance platform. This Privacy Policy describes how we collect, use, store, and share personal data when you use our website, API, SDKs, or dashboard.
By using AgentAudit, you agree to this Privacy Policy. If you do not agree, please do not use the service.
Data we collect
Account and organization data
When you register, we collect your name, email address, and a bcrypt password hash. We also store your organization plan, billing status, notification preferences, webhook URL, and a Stripe customer ID if you subscribe to a paid plan.
API usage data
Each call to the AgentAudit API is logged as an audit event. Depending on what you send, this may include the agent action, prompt text, response text, metadata, agent ID, trace ID, compliance flags, and the enforcement action taken. You control how much data your agents send to us.
API keys
API keys are displayed once in plain text and then stored only as keyed hashes. We cannot retrieve your raw API key after creation.
Email and support data
We store email delivery records for welcome, alert, and billing emails. If you contact us, we keep the correspondence to provide support.
How we use data
We use the data we collect to:
- Provide the AgentAudit service, including guardrails, audit logs, alerts, and dashboard features.
- Enforce compliance rules you configure.
- Send transactional emails such as welcome messages, high/critical alerts, and billing notices.
- Process payments and manage subscriptions through Stripe.
- Maintain security, prevent abuse, and diagnose issues.
- Comply with legal obligations.
Sharing and subprocessors
We do not sell your data. We share data only with service providers necessary to operate the service:
- Railway — application hosting and PostgreSQL database.
- Stripe — payment processing and subscription management.
- Resend — transactional email delivery.
- Sentry — error tracking and observability (optional, only if you provide a Sentry DSN).
We may also disclose data if required by law, regulation, or valid legal process, or to protect our rights, users, or the public.
Security
We use TLS for data in transit and follow industry practices for data at rest. Passwords are hashed with bcrypt. API keys are hashed and never stored in plaintext. Custom validators execute in an isolated V8 environment. Customer webhooks are validated to block private, loopback, and metadata IP targets.
Despite these measures, no online service is perfectly secure. Please report security concerns to support@agentaudit.online.
Retention
Account data and audit logs are retained until you delete your account or request deletion. During the beta, audit logs are not automatically deleted based on age. Email delivery records are retained for 90 days. Backups may retain copies for up to 30 days after deletion.
See our Data Retention & Deletion Policy for details.
Your rights
You can update most account information, including notification preferences and webhook URL, from the dashboard. To access, export, or delete your data, contact us at support@agentaudit.online. We will respond within 30 days.
Cookies
We use only the cookies and local storage necessary for authentication and dashboard state. We do not use third-party tracking or advertising cookies.
Changes
We may update this Privacy Policy as the service evolves. We will notify you of material changes by email or through a prominent notice on the website. The “Last updated” date at the top of this page shows when this policy was last revised.
Contact
AgentAudit: support@agentaudit.online
Website: https://agentaudit.online