Privacy Policy

AgentPays (“we”, “us”, “our”) provides infrastructure that lets you control how your AI agents spend money. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using AgentPays, you agree to the practices described below.

Account information

When you create an account, our authentication provider (Clerk) collects your email address, name, and Google profile information used during sign-in. We receive a user identifier from Clerk and the basic profile details associated with your account.

Integration credentials

If you connect Privacy.com to issue virtual cards, we store your Privacy.com API key encrypted at rest in our database. The key is used to create single-use virtual cards on your behalf when your agents make approved purchases.

Payment information

When you save a payment method, Stripe stores your card details and returns a token to us. We never store your full card number or CVC. Stripe is used to collect our transaction fee.

Agent and purchase data

We store the agents you create, their spending rules, every purchase request your agents submit (including the merchant, amount, description, and justification), and the resulting transaction record.

Usage data

We collect product analytics through PostHog (pageviews, feature usage, basic device and browser metadata, and session recordings of dashboard activity) and privacy-friendly aggregate traffic measurement through Vercel Analytics. PostHog analytics run only after you consent through the banner shown on your first visit. Vercel Analytics is cookieless and does not identify individual users. We use this to understand how the product is used and to improve it.

• Authenticate you and operate your account.
• Create single-use virtual cards through Privacy.com when your agents make approved purchases.
• Enforce the spending rules you configure (per-agent budgets, velocity limits, merchant allow/deny lists).
• Collect our transaction fee (1.5% or $0.50 minimum) via Stripe.
• Send transactional emails such as purchase approval notifications through Resend.
• Analyze product usage, debug issues, and improve features through PostHog product analytics and session recordings.
• Protect against fraud, abuse, and security threats, and comply with legal obligations.

We do not sell your personal information, and we do not use your purchase data to build advertising profiles.

AgentPays relies on the following sub-processors to operate. Each one receives only the data necessary to perform its function.

Each provider has its own privacy policy that governs how it handles the data it receives. You should review their policies if you have specific concerns.

We retain your account and application data for as long as your account is active. When you delete your account, we permanently remove your agents, spend rules, encrypted Privacy.com API key, stored payment methods, purchase requests, transaction records, and your analytics data held in PostHog. We also delete your customer record and saved payment methods from Stripe.

Records of fees we charged you (the AgentPays transaction fee) are retained by our payment processor, Stripe, as part of our own financial records. We keep these to meet accounting, tax, and regulatory obligations. These records reflect fees we collected and are separate from the purchase and account data we delete.

Backup snapshots may retain deleted data for up to thirty days before being expired.

You have the right to:

• Access — request a copy of the personal data we hold about you.
• Correct — update inaccurate or incomplete information through your account settings or by contacting us.
• Delete — permanently remove your account and associated data from Settings → Delete account, or by contacting us.
• Export — request a machine-readable copy of your data.
• Object or restrict — ask us to limit or stop certain processing of your data.

To exercise any of these rights, email kevin@agentpays.dev. We respond within a reasonable timeframe and consistent with applicable law.

AgentPays uses cookies and similar technologies for two purposes: keeping you signed in, and product analytics.

Sign-in is handled by Clerk, which sets a session cookie so you stay logged in. This is required for the product to function, so disabling it will prevent you from staying signed in.

Product analytics through PostHog only run after you give consent. On your first visit we show a banner where you can accept or decline analytics. If you decline, or before you choose, we do not capture any PostHog analytics about you. You can change your choice at any time by clearing the stored preference in your browser. We also use Vercel Analytics for basic, cookieless traffic measurement, which does not set cookies or identify you individually and runs regardless of your analytics choice.

We take reasonable measures to protect your information:

• Privacy.com API keys are encrypted at rest using AES-256-GCM and are never exposed in full after saving.
• All connections to AgentPays are served over HTTPS/TLS.
• Authentication is handled by Clerk, which manages session security, password hashing, and 2FA on our behalf.
• Payment card details are tokenized by Stripe — we never store full PAN, CVC, or expiry in our systems.
• Access to production data is limited to authorized personnel for legitimate operational purposes.

No security measure is perfect. We cannot guarantee absolute security, and you are responsible for keeping your AgentPays credentials and connected API keys secure.

For California residents (CCPA/CPRA)

You have the right to know what categories of personal information we collect, the purposes for which we use it, and the categories of third parties with whom we share it. You can request access, correction, or deletion of your personal information, and you have the right not to be discriminated against for exercising these rights. AgentPays does not sell personal information.

For users in the EEA, UK, or Switzerland (GDPR)

We process personal data on the following legal bases: (a) performing the contract we have with you, for the core functionality of operating your account and processing your agents' purchases, (b) your consent, for product analytics through PostHog, which you can give or withhold through our consent banner and withdraw at any time, (c) complying with our legal obligations, including retaining financial records of fees we charged, and (d) our legitimate interests in securing the service and preventing fraud and abuse. You have the right to access, rectify, erase, restrict, or port your data, to object to processing, and to withdraw consent for analytics at any time. You also have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, contact kevin@agentpays.dev.

AgentPays is not intended for use by children under 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it promptly.

We may update this Privacy Policy from time to time. When we make material changes, we will update the “last updated” date at the top of the page and, where appropriate, notify you by email or through the product. Continued use of AgentPays after a change indicates your acceptance of the updated policy.

If you have questions about this policy or how we handle your data, contact us at kevin@agentpays.dev.