Legal

Privacy Policy

Last updated: 2025-01-01

1. Overview

This Privacy Policy explains how AgentFrontend (“we”, “us”, “our”) collects, uses, and protects personal data when you:

Connect a messenger bot or AI agent to AgentFrontend
Use a messenger bot powered by AgentFrontend (for example, on Telegram)
Authenticate via an OAuth provider (for example, Google)

By using AgentFrontend, you agree to the practices described in this policy.

2. Data We Collect

2.1 Account and Identity Data

When you sign in or link your account via OAuth or another identity provider, we may collect:

Name and profile information made available by your identity provider
Email address
Identity provider user ID
OAuth metadata needed to maintain a secure session (for example, tokens or token references)

We do not receive your password from the identity provider.

2.2 Messenger and Bot Data

When you use a messenger bot that is connected to AgentFrontend, we may collect:

Messenger identifiers such as:
- Chat ID
- User ID / platform user ID
- Bot ID and tenant ID
Message metadata such as:
- Message IDs
- Timestamps
- Media URLs or references (for example, links to voice messages stored in S3)

2.3 Message and Usage Data

To route your messages to AI agents and return responses, we may process and temporarily store:

Text messages you send to the bot
Transcription results and summaries (for example, from voice messages)
System logs needed for debugging and security (for example, error logs, request identifiers)

2.4 Billing and Payment Data

If you purchase usage credits or a subscription, we may collect:

Billing amount and currency
Payment identifiers from the payment gateway (for example, payment intent ID)
Internal records of balance changes and usage events

We do not store full credit card numbers. Payments are processed by third‑party providers who handle sensitive card data.

3. How We Use Your Data

We use the data described above to:

Provide the service:
- Route messages between messengers and AI agents
- Maintain chat context and ordering
- Handle media (for example, audio files) where required by your agent
Secure accounts and sessions:
- Authenticate users and bots using JWT and OAuth
- Prevent abuse and unauthorized access
Operate billing and quotas:
- Apply free tiers and paid usage limits
- Maintain balances and transaction records
Improve reliability and troubleshoot issues:
- Monitor logs and aggregate metrics
- Investigate errors and incidents

We do not sell your personal data.

4. Data Retention

We retain data only for as long as necessary to:

Provide the service you or your organization requested
Comply with legal, accounting, or regulatory obligations
Resolve disputes and enforce our Terms of Service

Retention periods may differ for:

Logs and technical data, which are kept for a limited time for debugging and security
Billing records, which may need to be retained longer for accounting and tax purposes

We may share data with:

Infrastructure and service providers, such as:
- Cloud hosting and storage providers (for example, to store media files)
- Email and communication tools
- Analytics and monitoring tools
Payment processors, for handling payments and refunds
Your organization or tenant administrators, where you use AgentFrontend under an organizational account

We may also disclose data if required by law or a valid legal request, or to protect our rights, users, or the public.

6. International Transfers

Data may be processed or stored in data centers located in different countries. Where required, we take appropriate safeguards to protect personal data during cross‑border transfers.

7. Your Rights and Choices

Depending on your location and applicable law, you may have rights to:

Access the personal data we hold about you
Correct inaccurate personal data
Request deletion of your personal data
Object to or restrict certain types of processing

To exercise these rights, please contact us using the details in the Contact section below. We may need to verify your identity before processing your request.

8. Data Deletion and Account Unlinking

You can typically stop sharing data with AgentFrontend by:

Removing or disconnecting the relevant messenger bot
Revoking access to AgentFrontend in your OAuth provider account settings

You may also request deletion of your data by contacting us. Subject to legal and contractual obligations, we will:

Remove or anonymize personal identifiers from stored records where possible
Retain only the minimum information needed to comply with legal requirements (for example, certain billing records)

9. Security

We implement technical and organizational measures designed to protect your data, including:

Use of HTTPS for data in transit
Access controls and least‑privilege principles for internal systems
Monitoring and logging of key operations

However, no system can be perfectly secure, and we cannot guarantee absolute security. You are responsible for keeping your devices and accounts secure.

10. Third‑Party Services

AgentFrontend may integrate with or depend on third‑party services, such as:

Identity providers (for example, Google)
AI model providers
Payment processors

Your use of those services is also governed by their own terms and privacy policies. We encourage you to review them separately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent changes.

If we make material changes, we will take reasonable steps to notify you (for example, via the product interface or by updating this page).

12. Contact

If you have questions about this Privacy Policy or would like to exercise your privacy rights, you can contact us at:

Email: [email protected]

If you are located in a region with specific data protection regulations, you may also have the right to lodge a complaint with your local data protection authority.