AgentCCSign up

Privacy Policy

Last updated: June 20, 2026

AgentCC is built privacy-first. This policy explains what we collect, what we deliberately do not, and how your data is handled.

What we never collect

The SDK never sends your prompts, completions, system messages, or LLM provider API keys. Prompt content is reduced on your machine to a one-way fingerprint (message counts, sizes, and a SHA-256 hash) that cannot be reversed into the original text.

What we collect

Account data: the email address you sign up with, managed through our authentication provider.

Telemetry from the SDK: per-call usage metadata — agent identifier, model name, input/output token counts, computed cost, latency, a stream flag, tool-call names (names only, never arguments), and the content-free prompt fingerprint described above.

Keys: the AgentCC API keys you create (used to attribute incoming telemetry to your account).

How we use it

To provide the Service: aggregate your usage, surface waste alerts and savings estimates, enforce budgets and the kill switch, and show per-agent analytics. We do not sell your data.

Storage & security

Data is stored in our managed database (Supabase/Postgres) with row-level security so each account can only access its own data. Access is authenticated; the SDK ingest path is authorized by your API key.

Third-party services

Your LLM provider (e.g. OpenAI) is your own relationship and is governed by their privacy policy — AgentCC sits beside that call and never receives its content. We rely on infrastructure providers (e.g. our database/auth host) to operate the Service.

Data retention

Telemetry is retained to power your historical analytics. You can request deletion of your account and associated data.

Your rights

You may access, correct, export, or delete your data. Contact us to make a request.

Changes

We may update this policy; the "Last updated" date above reflects the latest version.

Contact

Questions about privacy? Contact the AgentCC team. See also our Terms & Conditions.