Privacy Policy

Last updated: February 2026

1. Information We Collect

We collect information you provide directly to us, including:

  • Account information (name, email, company)
  • Usage data from your AI agent interactions
  • Audit logs and action records
  • Payment information (processed securely via Stripe)

We also automatically collect certain information when you use the Service:

  • Device and browser information (user agent, screen resolution)
  • IP address and approximate location
  • Pages visited and features used within the Service
  • Referring URL and search terms used to find us

The Service is offered only to customers located in the United States, and we do not target or market the Service to users in the EEA, UK, or Switzerland at this time.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send technical notices and support messages
  • Respond to your comments and questions
  • Monitor and analyze trends and usage
  • Detect, prevent, and address fraud and security issues

3. Legal Bases for Processing

We primarily process personal data to provide the Service and operate our business. If we expand to serve users in jurisdictions with specific legal-basis requirements, we will update this section accordingly.

4. Sharing of Information

We do not sell your personal information. We may share information with service providers (such as hosting, analytics, and payment processors) that help us operate the Service. These providers are authorized to use your information only as necessary to provide services to us. We may also disclose information to comply with law, enforce our Terms, or protect rights, safety, and property.

5. International Transfers

If you access the Service from outside the United States, your information may be transferred to and processed in the United States or other locations where we or our service providers operate. We use appropriate safeguards to protect such transfers where required by law.

6. Data Processing Addendum and Subprocessors

If you need a signed Data Processing Addendum (DPA) or the current list of subprocessors, please review our DPA page at agentactionfirewall.com/dpa.

7. Data Security

We implement appropriate technical and organizational measures designed to protect your data:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Access controls and authentication requirements
  • Security monitoring and assessments as appropriate
  • Third-party API keys encrypted at rest with restricted access

8. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Service and understand usage. The specific technologies we use include:

  • Essential cookies: Required for the Service to function (session management, authentication, locale preferences). These cannot be disabled.
  • Analytics cookies: Google Analytics 4 and PostHog for understanding how users interact with the Service and improving functionality.
  • Marketing cookies: Meta Pixel and LinkedIn Insight Tag for measuring the effectiveness of our advertising on specific pages (signup, pricing, checkout). These are only loaded on certain pages when analytics consent is granted.

You can manage your cookie preferences using the cookie consent banner shown on your first visit, or by adjusting your browser settings. Some features of the Service may not function properly if you disable essential cookies.

Do Not Track: We do not currently respond to Do Not Track (DNT) browser signals. You can manage tracking preferences using our cookie consent banner.

9. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Specific retention periods:

  • Account data: Duration of your account plus 30 days after deletion.
  • Audit logs: According to your plan's retention period (Free: 14 days, Starter: 30 days, Pro: 90 days, Enterprise: 365 days). Audit logs may be retained beyond these periods for compliance or security purposes.
  • Payment records: As required by applicable tax law (typically 7 years).
  • Analytics data: Up to 26 months for aggregated usage analytics.

You can request deletion of your data at any time, subject to these retention requirements and legal obligations.

10. Your Rights

Depending on your location, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Opt out of certain data processing

To exercise any of these rights, contact us at privacy@agentactionfirewall.com. We will respond to your request within 45 days. You may also designate an authorized agent to submit requests on your behalf by providing written authorization.

11. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: You may request the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, ongoing service provision).
  • Right to Opt Out of Sale/Sharing: We do not sell personal information as defined by the CCPA. With your consent (via our cookie consent banner), certain conversion-tracking pixels (Meta Pixel, LinkedIn Insight Tag) may transmit identifiers to those platforms for advertising measurement purposes, which may constitute "sharing" under the CPRA. You may opt out of this sharing at any time by selecting "Essential Only" in our cookie consent banner or by clicking "Manage Cookies" in the footer.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Categories of personal information we collect: Identifiers (name, email, IP address); commercial information (subscription plan, payment history); internet activity (pages visited, feature usage, log data); professional information (company name, job title); and inferences drawn from the above.

To submit a verifiable consumer request, email privacy@agentactionfirewall.com with the subject line "CCPA Request." We will verify your identity before processing the request.

12. Children's Privacy

The Service is not directed to children under 13 years of age, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will promptly delete it. If you believe a child under 13 has provided us with personal information, please contact us at privacy@agentactionfirewall.com.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us at privacy@agentactionfirewall.com