AgentDog

Privacy Policy

Last updated: April 24, 2026

This Privacy Policy describes how AgentDog ("we") collects, uses, and protects information when you use the AgentDog service.

1. What we collect

We collect three categories of data:

  • Account data — your email address, the access code you redeemed, and an API key fingerprint we hash and store (never the raw key after the one-time display).
  • Agent telemetry — when your SDK sends events, we receive run metadata, LLM call inputs/outputs, tool calls, handoff events, state checkpoints, reasoning steps, and the twelve cognitive attributes documented in our GenAI conventions. You control what you send.
  • Operational logs — request logs, error logs, and audit logs (e.g., agent settings changes). These are scoped to your tenant and used to operate, debug, and improve the Service.

2. How we use it

  • To run detectors against your telemetry and surface issues.
  • To draft pull requests via Anthropic's Claude Sonnet, using your linked GitHub repo's source code (read scope only) and the issue evidence — with PII redaction applied before the prompt leaves our infrastructure.
  • To build per-agent memory and surface it to your agents.
  • To compute usage metrics, costs, and audit logs.

We do not sell your data. We do not use your content to train any model that's shared across customers.

3. PII redaction

Before any LLM prompt leaves our backend, we run your evidence through a redaction pipeline that scrubs credit cards, SSNs, emails (preserving domain for context), phone numbers, IP addresses, JWTs, and known API-key formats. Raw evidence stays in the database row; only the redacted version reaches Anthropic. Read the PII redaction docs for the rule list.

4. Sub-processors

We use the sub-processors listed in our sub-processor disclosure. As of the date of this policy:

  • Anthropic — fix generation. Defaults to our DPA with Anthropic; switch to your own with BYOK in agent settings.
  • Supabase — primary datastore (Postgres + auth + storage), us-east by default, EU available on request.
  • Vercel — frontend hosting (dashboard, landing, docs).
  • Render — backend + MCP server hosting.
  • SendGrid — transactional email.
  • GitHub — only the repos you connect; we never scan repos you didn't link.

5. Encryption & security

  • Stored secrets (your GitHub PAT, your BYOK Anthropic key) are encrypted at rest with AES-256-GCM under a key-encryption key (KEK) we manage server-side.
  • API keys are hashed with SHA-256.
  • Row-level security (RLS) enforces tenant isolation in Postgres on every read/write.
  • All network traffic is TLS 1.2+.

6. Retention

We retain telemetry, memories, and detector findings for as long as your account is active. On account closure, we delete tenant data within 30 days unless legal hold requires otherwise. You can request deletion at any time at yash@tryagentdog.com.

7. Your rights

You may:

  • Access the data we hold about you (via the dashboard or by request).
  • Request correction or deletion.
  • Object to specific uses.
  • Export your data (telemetry + memories + audit logs).

Email yash@tryagentdog.com for anything you can't self-serve in the dashboard.

8. Cookies & analytics

The dashboard uses essential cookies for sign-in (Supabase Auth) and local storage for UI preferences (theme, sidebar state). We do not use ad-targeting cookies. Analytics, when enabled, is privacy- preserving (no cross-site tracking, no fingerprinting).

9. International transfers

Our default region is us-east. EU customers can request EU-region provisioning; contact us before signup. Cross-border transfers are governed by our DPA and the Standard Contractual Clauses.

10. Children

AgentDog is not intended for users under 18. We do not knowingly collect data from minors.

11. Contact

Questions or concerns: yash@tryagentdog.com. For security issues: yash@tryagentdog.com.