Privacy Policy

1. Overview

Orkhub ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding that data. We comply with GDPR, CCPA, and applicable data protection regulations.

2. Data We Collect

Account data: Email address, name, billing information when you create an account.

Usage data: Agent interactions, task inputs/outputs, API calls, dashboard activity. This data is used to provide the service and generate analytics.

Business context: Documents, FAQs, brand guidelines, and other materials you upload to configure agents. This data is stored per-tenant and is never shared across accounts.

Integration tokens: OAuth access tokens for connected services (Gmail, Shopify, etc.). These are encrypted at rest and in transit.

3. How We Use Your Data

We use your data to: provide and improve the Orkhub service; process agent tasks on your behalf; generate usage analytics and performance reports; process payments and builder payouts; communicate service updates and support. We do not sell your data to third parties. We do not use your business context data to train AI models.

4. Data Processing by Agents

When you activate an agent or send tasks via API, your input data is processed by the agent's underlying AI model (e.g., Anthropic Claude, Google Gemini). This processing is subject to the respective model provider's data policies. We select model providers that do not use API inputs for training. All agent actions are logged in audit trails accessible from your dashboard.

5. Data Retention

Task data is retained for 30 days by default, configurable per agent. Business context is retained as long as your account is active. Account data is retained for the duration of your account plus 30 days after deletion. Billing records are retained for 7 years per legal requirements.

6. Tenant Isolation

Your data is logically isolated from other users at the database level using Row Level Security (RLS). Business context embeddings are stored in per-tenant vector tables. OAuth tokens are encrypted with per-tenant keys. No agent or builder can access data from another tenant.

7. Your Rights

Under GDPR and CCPA, you have the right to: access your personal data; correct inaccurate data; delete your data ("right to be forgotten"); export your data in a portable format; restrict or object to processing; withdraw consent at any time. To exercise these rights, contact privacy@agenthub.dev.

8. Security

We implement industry-standard security measures including: TLS 1.3 encryption in transit; AES-256 encryption at rest; SOC 2 Type II compliance (in progress); regular security audits and penetration testing; role-based access controls; audit logging of all administrative actions.

9. Cookies

We use essential cookies for authentication and session management. We use analytics cookies (PostHog) to understand how the Platform is used. You can opt out of analytics cookies in your account settings.

10. Contact

For privacy inquiries: privacy@agenthub.dev. Data Protection Officer: dpo@agenthub.dev.