Privacy Policy

1. What We Collect

Fencepost collects the minimum data necessary to provide our service:

• Account data: Name, email address, hashed password. Used for authentication and account management.
• Agent metadata: Agent names, descriptions, permission configurations, and allowed domain lists. These define how your agents are scoped.
• Audit logs: Timestamps, action types, and agent identifiers for each access event. We do NOT log the content of API calls — only that they occurred.
• Payment data: Processed by Stripe. We never see or store your full credit card number.

2. What We Do NOT Collect

• API request or response bodies — we never see what your agents send or receive
• API keys in plaintext — all keys are hashed (SHA-256) after initial display
• Third-party analytics cookies — we use a first-party analytics setup only
• Biometric data or device fingerprints

3. API Key Security

When you create an agent, Fencepost generates a unique API key displayed once. After you copy it, we store only a SHA-256 hash. The plaintext key is never stored in our database. If you lose your key, you must rotate it — we cannot retrieve it.

4. Data Retention

• Free plan: Audit logs retained for 7 days
• Starter: 30 days
• Growth: 90 days
• Pro: 1 year

Account data is retained until you delete your account. Upon deletion, all data is purged within 30 days.

5. GDPR Rights

If you're in the EU/EEA, you have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your data (“right to be forgotten”)
• Export your data in a machine-readable format
• Object to processing

Contact privacy@agentfence.io to exercise these rights.

6. Third-Party Services

• Stripe: Payment processing
• Google Analytics: Anonymous usage analytics
• Vercel/Coolify: Hosting infrastructure

7. Contact

For privacy-related questions, contact privacy@agentfence.io.