Privacy Policy

Last updated: April 24, 2026

      igentbase inc, a Delaware corporation, is committed to protecting your privacy. This policy explains what data we collect, why we collect it, how we use it, and your rights regarding your data. We do not sell your personal data. Ever.
    

1. Who We Are

igentbase operates an AI agent marketplace that allows users to discover, install, and manage AI agents, and developers to publish and distribute them. This policy covers all igentbase services: the public website, user dashboard, developer console, and APIs.

2. Data We Collect

2.1 Account Data

When you sign in through an OAuth provider, we receive and store:

Data	Source	Purpose
Full name	OAuth provider	Display in dashboard, reviews
Email address	OAuth provider	Account identification, notifications, account linking
OAuth provider ID	OAuth provider	Authentication
Profile picture URL	OAuth provider	Avatar display (optional)

We do not receive or store your OAuth provider password. Authentication tokens are stored in encrypted server-side sessions (Redis) and are never exposed to the browser.

2.2 Workspace Data

When you use the platform, we store:

Workspace settings — name, team member roles (owner/admin/member), notification preferences, theme preference
Installed agents — which agents your workspace has installed, when they were added, and whether they are active
API keys — generated tokens for agent communication, stored as hashed values
Reviews and ratings — text, star rating, and timestamps for reviews you submit
Reports — agent reports you file, including reason and description

2.3 Usage and Analytics Data

We collect anonymized usage data to operate, improve, and bill the platform:

Data	Storage	Retention
API request logs (agent calls, tokens, latency)	ClickHouse (append-only)	90 days
Daily usage aggregates (requests, spend per agent)	ClickHouse	2 years
Install/uninstall events	ClickHouse	2 years
Revenue and billing records	PostgreSQL + ClickHouse	7 years (legal requirement)

API request logs include your workspace ID and agent ID but do not include the content of your prompts, responses, or any data processed by the agent. We log metadata (token counts, latency, cost) for billing and performance monitoring only.

2.4 Data We Do NOT Collect

      We do not intercept, inspect, store, or log the content of data sent to or received from agents. The igentbase Gateway acts as a pass-through — your prompts, responses, files, and all data exchanged with agents flow directly between your client and the agent's infrastructure. We log only metadata (token counts, latency, cost) for billing and performance monitoring.
      
      We do not collect, store, or have access to:
      The content of your prompts or agent responses
Files or documents you share with agents
Your source code, database contents, or business data
Browser fingerprints or cross-site tracking identifiers
Location data (GPS, IP geolocation)

3. How We Use Your Data

Purpose	Data Used	Legal Basis
Authenticate you and maintain your session	OAuth ID, email, session token	Contract
Display your profile in reviews and team views	Name, email	Contract
Link accounts across OAuth providers	Email address	Contract
Bill for agent usage	Usage logs, workspace ID	Contract
Show usage analytics in your dashboard	Aggregated usage data	Contract
Compute marketplace rankings (trending, top rated)	Anonymized install counts, ratings	Legitimate interest
Monitor agent health and platform stability	API latency, error rates	Legitimate interest
Send transactional emails (billing, security alerts)	Email address	Contract
Detect and prevent fraud or abuse	Usage patterns, account metadata	Legitimate interest

4. Third-Party Agents and Data

4.1 Agent Data Processing

When you use an installed Agent, your data flows directly between your client (IDE, desktop app, etc.) and the Agent's infrastructure via our gateway. igentbase acts as a pass-through:

We route API calls but do not inspect, store, or log prompt/response content
We log metadata only (token counts, latency, cost) for billing
Each Agent has its own data governance policy, accessible on its detail page

4.2 Agent Governance Transparency

We require Developers to disclose their data practices through our governance framework. Each Agent's detail page shows:

What data the Agent collects (prompts, history, metadata, etc.)
Storage level and retention period
Whether data is used for model training
Third-party sharing practices
Security measures and compliance certifications
A computed trust score based on these disclosures

igentbase provides this information to help you make informed decisions but does not independently verify Developer claims. We encourage you to review each Agent's governance information before installing.

4.3 Agent Removal and Data

When you uninstall an Agent, your API key for that Agent is immediately revoked. Any data the Agent has collected is subject to the Agent's own retention and deletion policies. You may contact the Developer directly to request data deletion.

5. Data Sharing

We share your data only in these limited circumstances:

5.1 With Developers

When you install an Agent, the Developer can see:

Your workspace name (not individual user names)
Aggregated usage metrics (total calls, token usage)
Reviews you submit (with your display name)

Developers cannot see your email, other installed agents, or billing details.

5.2 With Service Providers

We use a limited set of infrastructure providers to operate the platform:

Cloud hosting — for compute, storage, and networking
Email delivery — for transactional notifications
Payment processing — for billing (we do not store credit card numbers)

All service providers are bound by data processing agreements and are prohibited from using your data for their own purposes.

5.3 We Do NOT Share Data With

Advertisers or ad networks
Data brokers or analytics companies
AI model training providers (your data is never used to train models)
Any third party for marketing purposes

5.4 Legal Requirements

We may disclose your data if required by law, court order, or governmental request. We will notify you before disclosure unless legally prohibited from doing so.

6. Data Security

We implement industry-standard security measures:

Encryption in transit — all connections use TLS 1.3
Encryption at rest — database volumes are encrypted with AES-256
Session management — server-side sessions stored in Redis with TTL expiration
API key hashing — user tokens are stored as irreversible hashes
Access controls — role-based access within workspaces; internal access requires MFA
Audit logging — all administrative actions are logged
Vulnerability management — regular dependency scanning and security patches

7. Data Retention

Data Type	Retention	After Deletion
Account data	Until you delete your account	Purged within 30 days
Reviews and ratings	Until you delete or account closure	Anonymized (name removed)
API request logs	90 days	Automatically purged
Usage aggregates	2 years	Automatically purged
Billing records	7 years	Required by law
Session data	Until logout or TTL expiry	Automatically purged

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

8.1 Access and Portability

You can export your data at any time from the User Dashboard settings. This includes your profile, installed agents, usage history, and reviews. Export is provided in JSON format.

8.2 Correction

You can update your profile information at any time. Since we source identity data from OAuth providers, some fields (name, email) are synced from your provider.

8.3 Deletion

You can delete your account from the User Dashboard settings. Upon deletion:

Your account and workspace data are scheduled for permanent deletion within 30 days
All API keys are immediately revoked
All installed agents are deactivated
Your reviews are anonymized (display name removed, content preserved)
Billing records are retained for 7 years as required by law

8.4 Restriction and Objection

You can request that we restrict processing of your data or object to processing based on legitimate interest by contacting [email protected].

8.5 Withdrawal of Consent

Where processing is based on consent (e.g., optional notifications), you can withdraw consent at any time through your account settings.

9. Cookies and Local Storage

We use minimal browser storage:

Type	Name	Purpose	Duration
Session cookie	session_id	Authentication (links to server-side session)	Session / 7 days
Local storage	theme	Your light/dark mode preference	Persistent

We do not use tracking cookies, analytics pixels, or any third-party cookies. The public marketplace website uses no cookies at all — it is fully stateless for anonymous visitors.

10. Children's Privacy

igentbase is not intended for use by individuals under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we will delete it promptly.

11. International Data Transfers

Your data may be processed in jurisdictions other than your country of residence. We ensure appropriate safeguards are in place, including standard contractual clauses where required.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a banner in the User Dashboard at least 30 days before taking effect. The "Last updated" date at the top reflects the most recent revision.

13. Contact

For privacy questions, data requests, or concerns:

Email: [email protected]
Response time: within 30 days for formal requests

If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.