Privacy Policy
Last updated: June 20, 2026
AgentCC is built privacy-first. This policy explains what we collect, what we deliberately do not, and how your data is handled.
What we never collect
The SDK never sends your prompts, completions, system messages, or LLM provider API keys. Prompt content is reduced on your machine to a one-way fingerprint (message counts, sizes, and a SHA-256 hash) that cannot be reversed into the original text.
What we collect
Account data: the email address you sign up with, managed through our authentication provider.
Telemetry from the SDK: per-call usage metadata — agent identifier, model name, input/output token counts, computed cost, latency, a stream flag, tool-call names (names only, never arguments), and the content-free prompt fingerprint described above.
Keys: the AgentCC API keys you create (used to attribute incoming telemetry to your account).
How we use it
To provide the Service: aggregate your usage, surface waste alerts and savings estimates, enforce budgets and the kill switch, and show per-agent analytics. We do not sell your data.
Storage & security
Data is stored in our managed database (Supabase/Postgres) with row-level security so each account can only access its own data. Access is authenticated; the SDK ingest path is authorized by your API key.
Third-party services
Your LLM provider (e.g. OpenAI) is your own relationship and is governed by their privacy policy — AgentCC sits beside that call and never receives its content. We rely on infrastructure providers (e.g. our database/auth host) to operate the Service.
Data retention
Telemetry is retained to power your historical analytics. You can request deletion of your account and associated data.
Your rights
You may access, correct, export, or delete your data. Contact us to make a request.
Changes
We may update this policy; the "Last updated" date above reflects the latest version.
Contact
Questions about privacy? Contact the AgentCC team. See also our Terms & Conditions.