AgentGrant Privacy Policy

AgentGrant is a secure credential delegation platform for AI agents. This Privacy Policy explains what information we collect, how we use it, how we store it, and how we protect it.

Account information: name, email address, and profile image received from OAuth providers; service usage records; access logs; and IP-address-related operational logs.

Credential information: login data, passwords, API keys, PINs, access tokens, refresh tokens, and Grant configuration data that a user chooses to store in the vault. Sensitive credential contents are stored encrypted.

Usage records: audit logs for agent actions such as login, purchase, data access, approval requests, approval outcomes, and other material credential events.

To provide the Service, including authentication, credential storage, credential delegation, approval workflows, and agent-assisted actions requested by the user.

To secure the Service, including detecting unusual access, enforcing Policies, blocking unauthorized or risky actions, and generating audit logs.

To operate approval flows for higher-risk actions such as purchases or posting actions that require direct user confirmation.

To improve the Service using usage patterns and product feedback. Where possible, we use de-identified or aggregated data for improvement work.

Credentials are stored encrypted using AES-256-GCM.

Data in transit is protected using modern transport encryption such as TLS.

Credential delivery to agents is designed to occur through protected application channels rather than plaintext storage exposure.

AgentGrant personnel are not intended to have routine access to a user's plaintext encrypted vault contents.

Infrastructure access is limited through operational controls, and database hosting may use row-level and service-level access restrictions where supported by the underlying provider.

Account information may be deleted when the user closes the account, subject to any legal or operational retention obligations.

Credentials may be deleted immediately when the user removes them or closes the account, except where temporary retention is required for security, fraud prevention, legal compliance, or backup integrity.

Audit logs may be retained for up to one year or longer where legally required or reasonably necessary for security investigations and abuse prevention.

AgentGrant does not sell personal information and does not disclose personal information to third parties without the user's direction, except as described in this Policy or as required by law.

Information may be shared with third-party providers when the user explicitly authorizes a Grant or an OAuth connection.

AgentGrant may use infrastructure and service providers such as Supabase (database hosting), Vercel (web hosting), and Upstash (cache/session infrastructure), or equivalent providers that support Service operations.

These providers may process limited information as service processors or sub-processors for hosting, storage, delivery, and reliability purposes.

Depending on applicable law, users may request access to, correction of, or deletion of personal information.

Users may delete or revoke credentials and Grants at any time.

Users may disconnect OAuth-linked accounts through the dashboard or the relevant third-party provider.

Users may request deletion of their account and associated data, subject to legal and security retention requirements.

AgentGrant uses essential cookies and session mechanisms required for authentication, account security, and session continuity.

AgentGrant does not currently describe the use of marketing cookies or cross-site advertising trackers as part of its core Service operation.

AgentGrant is not intended for children under the age of 14 and does not knowingly collect personal information from children under that age.

If we change this Privacy Policy, we will post the updated version on this page and may provide in-service or email notice when the change is material.

Unless otherwise stated, changes become effective 7 days after notice is provided.

For privacy-related questions or requests, contact privacy@agentgrant.click.

Website: https://agentgrant.click