What we collect, how we use it, and how long we keep it.

# Privacy Policy

**AI Magic, LLC** ("we," "us," "our")

Effective date: April 4, 2026

Agent is a platform for running long-lived AI computers. This policy explains what data we collect, why we collect it, how we protect it, and what choices you have. We wrote it in plain language on purpose — no one should need a law degree to understand how their data is handled.

---

## 1. Information we collect

### Information you give us

  • **Account details** — your email address and profile information from the identity provider you use to sign in (currently Google OAuth).
  • **Messages and files** — anything you type into a conversation with an agent, and any files you upload.
  • **Secrets** — API keys, tokens, or credentials you save in the encrypted secret store.
  • **Agent configuration** — agent names, thread names, account settings, and agent profile data.
  • **Billing information** — payment details are collected and processed by Stripe; we store transaction history, credit balances, and top-up preferences on our side.
  • **Support requests** — anything you send us when asking for help.

### Information we collect automatically

  • **Usage data** — which features you use, when you use them, and how often.
  • **Machine data** — computer name, state, runtime status, and session information for the remote machines that run your agents.
  • **Desktop session data** — if you use the secure desktop feature, we collect browser state and session tokens needed to keep it working.
  • **Analytics** — we may use analytics tools (such as PostHog and Google Analytics) to understand how people use the product. These tools may collect device type, browser, rough location, online identifiers, and interaction patterns.
  • **Logs** — server logs that include IP addresses, request timestamps, and error details.

### Cookies and similar technologies

We use cookies and similar technologies to keep you signed in, remember your preferences, and understand how the product is used. Specifically:

  • **Essential cookies** — required for authentication and session management. The service cannot function without these.
  • **Analytics cookies** — if analytics are enabled, our analytics providers may set cookies or use similar technologies to distinguish unique users and track usage patterns.

We do not use advertising cookies. Most browsers let you control or block cookies through their settings. Blocking essential cookies may prevent you from using Agent.

---

## 2. How we use your information

We use your data to:

  • **Run the service** — create your account, spin up machines, execute agents, deliver messages, store files, and manage your desktop sessions.
  • **Process payments** — track credit usage, handle purchases, and manage auto top-ups.
  • **Keep things secure** — detect abuse, block obvious secrets from appearing in chat, enforce access controls, and investigate incidents.
  • **Fix problems** — diagnose bugs, monitor performance, and improve reliability.
  • **Communicate with you** — respond to support requests and send important service updates.
  • **Improve the product** — understand usage patterns so we can make Agent better.

We do **not** use your conversation content or uploaded files to train our own AI models. When your messages are sent to third-party model providers for processing, those providers' own terms and data practices apply.

---

## 3. How we share your information

**We do not sell your personal data.**

We share data only when necessary to operate the service or comply with the law:

| Who | Why | What they get |
|-----|-----|---------------|
| **Authentication provider** (Supabase) | Sign-in and session management | Email, auth tokens |
| **Payment processor** (Stripe) | Billing and payments | Payment and transaction details |
| **AI model providers** | Processing your agent conversations | Message content sent to the model |
| **Infrastructure providers** (Daytona, cloud hosts) | Running and hosting your machines | Machine state, files, runtime data |
| **Analytics providers** (PostHog and Google Analytics, if enabled) | Product analytics | Usage events, device/browser data, online identifiers, and rough location |

Each provider receives only the data needed to do its job and is bound by its own privacy obligations.

We may also share data if required by law, court order, or legal process, or to protect the rights, safety, or property of AI Magic, our users, or the public.

### Business transfers

If AI Magic is involved in a merger, acquisition, bankruptcy, or sale of all or a portion of its assets, your data may be transferred as part of that transaction. We will make reasonable efforts to notify you (for example, via a notice on the product or an email to your account) and explain your options in connection with any such transfer.

---

## 4. Secrets and credentials

We take credential handling seriously:

  • **Chat protection** — the product actively blocks obvious secrets (passwords, tokens, one-time codes) from appearing in chat messages.
  • **Encrypted storage** — secrets saved in the secret store are encrypted at rest and scoped to the specific machine you saved them on.
  • **Minimal exposure** — we avoid showing raw secrets back to the AI model whenever possible.

For more details, see our [Credential Handling Guide](/credentials).

---

## 5. Data retention

  • **Active accounts** — we keep your data for as long as your account is active and you need the service.
  • **Deleted content** — when you delete an agent, we delete its associated data (threads, messages, desktop state, secrets) from our active systems. Residual copies may briefly persist in backups or logs before being cycled out. Some billing records and security logs may be retained longer for accounting and abuse prevention.
  • **Closed accounts** — if you stop using the service, we retain data only as long as necessary to fulfill legal obligations, resolve disputes, or enforce our agreements.

---

## 6. How we protect your data

We use multiple layers of security:

  • **Access controls** — account-based isolation ensures you can only access your own agents, machines, and data.
  • **Encryption** — secrets are encrypted at rest; connections use TLS in transit.
  • **Network isolation** — core services run behind private-network routing.
  • **Short-lived tokens** — desktop sessions use temporary tokens that expire quickly.
  • **Locked-down machines** — file permissions on managed machines are restricted to the minimum necessary.

No system is perfect. If you believe your account or data has been compromised, contact us immediately at **mattshumertech@gmail.com** so we can help.

---

## 7. Your choices and rights

You can:

  • **Access your data** — view your agents, messages, files, and billing history within the product.
  • **Delete your data** — remove agents, threads, secrets, and desktop sessions at any time.
  • **Sign out** — end your session from any device.
  • **Stop using the service** — you can leave at any time; no lock-in.

### For users in the European Economic Area (EEA)

If you are located in the EEA, you may have additional rights under the GDPR, including the right to access, correct, delete, or port your data, and the right to restrict or object to certain processing. To exercise these rights, contact us at **mattshumertech@gmail.com**.

Our legal basis for processing your data is typically the performance of our contract with you (providing the service) or our legitimate interests (security, improvement, and abuse prevention).

You also have the right to lodge a complaint with your local data protection authority if you believe we are processing your data unlawfully.

### For California residents

If you are a California resident, the CCPA gives you the right to know what personal information we collect, request its deletion, and opt out of its sale. As stated above, we do not sell personal information. To make a request, contact us at **mattshumertech@gmail.com**.

We do not respond to Do Not Track (DNT) browser signals because there is no industry-standard way to honor them. However, we do not engage in cross-site tracking.

---

## 8. Children's privacy

Agent is not intended for anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from someone under 18, we will take steps to delete that information.

---

## 9. International data transfers

If you are located outside the United States, your data may be transferred to and processed in the United States, where our servers and service providers are located. These transfers are necessary to provide the service to you under our agreement. We take reasonable steps to ensure your data is protected in accordance with this policy regardless of where it is processed.

---

## 10. Third-party links

Agent may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to read their privacy policies before providing them with any data.

---

## 11. Changes to this policy

We may update this policy as the product evolves. If we make meaningful changes, we will update the effective date at the top of this page and, where appropriate, notify you through the product.

---

## 12. Contact us

If you have questions about this policy or how we handle your data:

**AI Magic, LLC**

Email: **mattshumertech@gmail.com**