Privacy Policy

Last updated: May 22, 2026

At myAgents, we take your privacy seriously. Please read this Privacy Policy to learn how we treat your personal data. By using or accessing our Services in any manner, you acknowledge that you accept the practices and policies outlined below, and you hereby consent that we will collect, use, and share your information as described in this Privacy Policy.

Your use of myAgents's Services is at all times subject to our Terms of Service, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms.

Key points:

We do not allow our AI model providers — including Anthropic, OpenAI, and Google — to use your Personal Data to train their AI models.
We may use De-Identified Data derived from your usage to improve our own Services. You may opt out at any time by emailing privacy@myagents.ca.
We store your Personal Data on Neon (PostgreSQL) servers. All Personal Data is encrypted at rest (AES-256) and in transit (TLS). We implement VPC isolation, least-privilege access controls, and signed webhooks to protect your Personal Data.

As we continually improve our Services, we may need to change this Privacy Policy from time to time. We will alert you of material changes by placing a notice on the myAgents website and/or by sending you an email. If you use the Services after any changes have been posted, that means you agree to all of the changes.

What this Privacy Policy Covers

This Privacy Policy covers how we treat Personal Data that we gather when you access or use our Services. "Personal Data" means any information that identifies or relates to a particular individual and also includes information referred to as "personally identifiable information" or "personal information" under applicable data privacy laws, rules, or regulations. This Privacy Policy does not cover the practices of companies we do not own or control or people we do not manage.

Personal Data

Categories of Personal Data We Collect

This chart details the categories of Personal Data that we collect and may have collected over the past 12 months.

Category	Examples of Personal Data We Collect	Third Parties With Whom We Share This Data
Profile or Contact Data	Email address Display name Authentication provider identifier IANA timezone	Service Providers Parties You Authorize
Payment Data	Payment card type and last 4 digits Billing email address Stripe customer reference ID Subscription status, seat count, and billing period Credit balance and transaction history	Service Providers (specifically Stripe, Inc.)
Device / IP Data	IP address IP-address-based location information Browser type and version Operating system	Service Providers
Web Analytics	Page and feature interactions Referring webpage or source Onboarding and activation events (e.g. account created, first agent created, first message sent) Feature engagement signals (e.g. work items completed, connections added) Payment events (e.g. credit top-up, subscription started) Performance metrics (page load times, web vitals)	Service Providers
Organization & Team Data	Organization name and slug Team names, descriptions, icons, and colors Member roles (Owner, Admin, Member, Viewer) Pending invitation email addresses and expiration dates Spend limits, daily ceilings, and auto-recharge preferences	Service Providers Parties You Authorize
Agent & Workspace Content	Agent names, roles, summaries, and capability descriptions Skill files and agent directives Work item titles, descriptions, status, priority, due dates, recurrence rules, and comments Conversation messages and thread history with agents Team knowledge base entries (team facts) AI-generated deliveries (images, videos, audio files, PDFs, and links) created by your agents Wizard session data used during agent creation	Service Providers Parties You Authorize
Usage & Billing Data	AI model token consumption (input and output tokens per call) Model tier used (fast, balanced, or deep) and inference duration Per-call costs attributed to user, team, agent, and work item Credit transactions (top-ups, consumption, refunds, adjustments) Subscription invoices and failed payment attempts	Service Providers
Third-Party Integration Data	Google Calendar: calendar list, event titles, times, attendees, and descriptions accessed by your agents WhatsApp Business: phone number IDs, inbound and outbound message content routed through your agents GitHub: repository content and skill files your agents read or write OAuth access tokens and refresh tokens for authorized services (stored encrypted at rest)	Service Providers Parties You Authorize
AI-Derived Data	Semantic vector embeddings derived from your workspace content (work items, team facts, and deliveries), used to power agent memory search	Service Providers (OpenAI for embedding generation; embeddings stored in our own database)
Other Identifying Information You Voluntarily Provide	Identifying information in emails, support requests, or other communications you send us Any other information you authorize myAgents to access or choose to share with us	Service Providers

Categories of Sources of Personal Data

You — when you provide information directly:

When you create an account or use our interactive tools and Services.
When you configure agents, create work items, or send messages to agents through the Services.
When you connect third-party services (Google Calendar, WhatsApp Business, GitHub).
When you send us an email or otherwise contact us.

You — when information is collected automatically:

Through cookies and similar technologies (defined in the "Cookies" section below).
Through Vercel Analytics when you interact with the Services.
Through Sentry error reporting (configured without PII — request bodies, headers, IPs, and cookies are excluded).
When your agents execute tasks — usage, duration, and cost are logged automatically to support billing and your in-app analytics.

Third Parties:

Authentication provider (Stack Auth): When you sign up or log in, your email address and authentication identifier are transmitted to us.
Connected services: When you authorize a Google Calendar, WhatsApp Business, or GitHub connection, data from those services is transmitted to myAgents to fulfill agent tasks on your behalf.

Our Commercial or Business Purposes for Collecting or Disclosing Personal Data

Providing, Customizing and Improving the Services

Creating and managing your account and organization profile.
Processing payments and managing your subscription and credit balance.
Running your agents and fulfilling the tasks and workflows you configure.
Powering agent memory via semantic embeddings over your workspace content.
Providing support and assistance for the Services.
Improving the Services, including testing, research, internal analytics, and product development. We do not allow our AI model providers (Anthropic, OpenAI, Google) to use your Personal Data to train their AI models.
Fraud protection, security monitoring, and debugging.

Marketing the Services

Marketing and selling the Services.

Corresponding with You

Responding to correspondence we receive from you and contacting you when necessary.
Sending transactional emails such as low-balance alerts, team invitations, and authentication messages.

Other Permitted Purposes for Processing Personal Data

Each category of Personal Data above may also be collected, used, and disclosed to meet legal requirements and enforce legal terms, including: fulfilling our obligations under applicable law, regulation, or court order; preventing or investigating security incidents and potentially illegal or prohibited activities; protecting the rights, property, or safety of you, myAgents, or another party; enforcing agreements with you; and resolving disputes.

De-Identified Data

We may create de-identified, anonymized data ("De-Identified Data") from the Personal Data we collect so that it does not identify you. We may use such De-Identified Data for our lawful business purposes, including to analyze, build, and improve the Services and to promote our business. We do not sell De-Identified Data to advertising networks or use it to target you with third-party advertising. To opt out, email us at privacy@myagents.ca.

We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without providing you notice.

AI Model Providers

myAgents uses the following third-party AI providers to power agent inference, content generation, and memory. When your agents run, the relevant inputs — your prompts, conversation history, workspace context, and any connected service data your agent accesses — are sent to these providers as necessary to fulfill the task.

Anthropic (Claude models)— Primary provider for all conversational agent inference. Anthropic's API terms prohibit them from training their models on API customer data by default.
OpenAI (image generation, text-to-speech, embeddings) — Used to generate images on your agents' behalf (gpt-image-1), synthesize audio (text-to-speech), and produce semantic embeddings for agent memory (text-embedding-3-small). OpenAI's API terms prohibit them from training on API customer data by default.
Google (Gemini models)— Used as an alternative provider for AI-powered image generation (gemini-2.5-flash). Google's API terms apply to data processed through their APIs.

We do not instruct any AI provider to use your Personal Data to train their models. We recommend reviewing each provider's privacy policy and data processing terms for further details.

How We May Disclose Your Personal Data

Service Providers — these parties help us provide the Services or perform business functions on our behalf:

Neon — database hosting (PostgreSQL; AES-256 encryption at rest; TLS in transit; U.S.-based servers)
Vercel — application hosting, serverless functions, edge delivery, and analytics
Stack Auth — user authentication and account management
Stripe, Inc. — payment processing. Full card details are handled entirely by Stripe; we store only a customer reference identifier and the card last-4 and brand for display.
Resend — transactional email delivery
Sentry — error monitoring (configured without PII)
Upstash — ephemeral rate-limiting cache
Anthropic, OpenAI, Google — AI model inference and content generation

Parties You Authorize, Access or Authenticate:

Organizations through which you access our Services (such as your employer).
Third-party services you connect to myAgents (Google Calendar, WhatsApp Business, GitHub).
Other members of your myAgents organization.

Organizational Email Notice: If you create a personal account using an email address provisioned by an employer or organization, that organization may request disclosure of the email address associated with your account. myAgents will not transfer your other account information or content without your consent.

Legal Obligations: We may share Personal Data with government authorities or other parties to meet legal requirements as described above.

Business Transfers: All Personal Data we collect may be transferred to a third party in the event of a merger, acquisition, bankruptcy, or other transaction in which that third party assumes control of our business. We will make reasonable efforts to notify you before your information becomes subject to different privacy and security practices.

Cookies

The Services use cookies and similar technologies (collectively, "Cookies") to enable our servers to recognize your browser, tell us how and when you visit and use our Services, analyze trends, and operate and improve our Services.

Essential Cookies — required for features or services you have requested, such as logging into secure areas. Disabling these may make certain features unavailable.
Functional Cookies — used to record your settings and preferences and recognize you when you return.
Performance / Analytical Cookies — allow us to understand how visitors use our Services (pages viewed, session duration, feature engagement) to improve the product.

You can manage or disable Cookies through your browser settings. For more information, visit allaboutcookies.org.

Data Storage and Security

We store your Personal Data on Neon (PostgreSQL) servers. All Personal Data is encrypted at rest (AES-256) and in transit (TLS). We implement additional security measures including VPC isolation, least-privilege access controls, HMAC-signed OAuth state tokens, and signed Stripe webhooks.

Although we work to protect the security of your data, please be aware that no method of transmitting or storing data is completely secure.

Data Retention

We retain Personal Data for as long as necessary to provide our Services or perform our commercial purposes for collecting it.

Profile and account data — retained for as long as you have an active account.
Team and workspace content — retained while your account is active. When a team is deleted, all associated content is immediately and irrecoverably removed.
Payment and financial ledger data — retained for billing, audit, and tax compliance.
Usage records (token consumption, cost logs) — retained to support billing and in-app analytics.
Device / IP and web analytics data — retained as long as needed to ensure the Services function properly.
Third-party integration tokens — retained until you disconnect the integration or delete your account.

Personal Data of Children

We do not knowingly collect or solicit Personal Data from children under 16 years of age. If we learn we have collected Personal Data from a child under 16, we will delete it as quickly as possible. Please contact us at privacy@myagents.ca if you believe a child under 16 may have provided us with Personal Data.

State Law Privacy Rights

California Resident Rights

Under California Civil Code Sections 1798.83–1798.84, California residents may contact us to prevent disclosure of Personal Data to third parties for direct marketing purposes. We do not knowingly make any such disclosures.

Nevada Resident Rights

If you are a Nevada resident, you have the right to opt out of the sale of certain Personal Data to third parties. We do not currently sell your Personal Data as defined by Nevada Revised Statutes Chapter 603A.

European Union, United Kingdom, and Swiss Data Subject Rights

If you are a resident of the EU, UK, Liechtenstein, Norway, or Iceland, you may have additional rights under the EU or UK General Data Protection Regulation ("GDPR").

myAgents will be the controller of your Personal Data processed in connection with the Services.

Lawful bases for processing:

Contractual Necessity:Profile / Contact Data, Payment Data, Organization & Team Data, Agent & Workspace Content, Third-Party Integration Data, Usage & Billing Data — necessary to provide the Services.
Legitimate Interest: Device / IP Data, Web Analytics, AI-Derived Data, error monitoring — to operate, secure, improve, and market the Services.
Consent: Where expressly indicated at the point of collection (e.g. connecting a third-party integration).
Legal Obligation: Where required by applicable law or regulation.

Data Subject Rights — to submit a request, email privacy@myagents.ca with subject "GDPR Request: [nature of request]":

Access — request a copy of the Personal Data we hold about you.
Rectification — request correction of inaccurate or incomplete data.
Erasure — delete your account via Settings → Account → Delete Account; delete individual teams from team settings; for other requests email privacy@myagents.ca.
Portability — export workspace data (agents, work items, conversations) in JSON via Settings → Export / Import.
Objection — object to further use or disclosure of your Personal Data for certain purposes.
Restriction of Processing — request that we restrict further processing.
Withdrawal of Consent — withdraw consent at any time; this may limit certain features.
Right to File Complaint — lodge a complaint with your supervisory authority at edpb.europa.eu.

Transfers of Personal Data: Our Services are hosted in the U.S. By using our Services, you acknowledge that your Personal Data will be transferred to and processed in the U.S. In some circumstances, transfers may be made pursuant to a data processing agreement incorporating standard data protection clauses.

Contact Information

If you have any questions or comments about this Privacy Policy, please contact us at:

myOS Inc.
privacy@myagents.ca