Skip to content

Privacy Policy

Last updated: July 4, 2026

This Privacy Policy describes how ProtoML, Inc. (doing business as "AGNT5", "we", "us", or "our") collects, uses, and shares personal data when you visit agnt5.com, use the AGNT5 cloud service at app.agnt5.com, or otherwise interact with us (together, the "Services").

For personal data contained in content that our customers run through the AGNT5 platform ("Customer Content"), we act as a processor on the customer's behalf. That processing is governed by ourData Processing Addendum, not this policy.

Information we collect

Information you provide

  • Account information. Name, email address, and organization details when you create an account. If you sign in with GitHub or Google, we receive basic profile information (name, email, avatar) from that provider.
  • Billing information. Paid plans are billed through Stripe. We store your plan, billing history, and billing contact; payment card details are collected and stored by Stripe, not by us.
  • Communications. Messages you send us via support, email, or community channels.

Information collected automatically

  • Usage data. Log data such as IP address, browser and device type, pages viewed, and actions taken in the Services.
  • Analytics. We use PostHog (hosted in the United States), including session replay on our marketing site, and Plausible to understand how the Services are used. For visitors in the EEA, the United Kingdom, and Switzerland, PostHog analytics run only after you accept our consent banner; declining disables non-essential tracking.
  • Cookies and similar technologies. We use cookies and local storage to keep you signed in, remember preferences (such as your consent choice and theme), and measure usage.

How we use information

  • Provide, operate, secure, and improve the Services;
  • Create and administer your account and workspaces;
  • Process payments and manage subscriptions;
  • Send transactional messages such as invitations, security notices, and billing emails;
  • Respond to support requests;
  • Monitor for errors, abuse, and security incidents;
  • Understand usage to improve the product and our documentation;
  • Comply with legal obligations.

Where the GDPR or similar laws apply, we rely on: performance of a contract (providing the Services), legitimate interests (securing and improving the Services), consent (non-essential analytics in consent-required regions), and legal obligations.

How we share information

We do not sell personal data. We share it only with service providers who process it on our behalf under contract, including:

  • Cloudflare — website hosting, CDN, and network security;
  • Hetzner — cloud infrastructure (European Union and United States);
  • Stripe — payment processing;
  • Resend — transactional email delivery;
  • PostHog — product analytics and session replay;
  • Plausible — privacy-focused web analytics;
  • Sentry — error monitoring and diagnostics.

We may also disclose personal data when required by law, to protect our rights or the safety of others, or as part of a merger, acquisition, or sale of assets (in which case this policy continues to apply until amended).

International transfers

Our infrastructure is located in the European Union and the United States, and some of our service providers are located in the United States. Where personal data subject to the GDPR or UK GDPR is transferred internationally, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

Retention

We keep account data for as long as your account is active and for a reasonable period afterwards to comply with legal obligations and resolve disputes. Execution history in the cloud service is retained according to the run-history window of your plan and then deleted. Backups are cycled on a fixed schedule.

Security

We use technical and organizational measures appropriate to the risk, including encryption in transit, access controls, and workload isolation. No system is perfectly secure; please use a strong, unique password and keep your API keys secret. See the Data Processing Addendum for more detail on our security measures.

Your rights

Depending on where you live, you may have rights to access, correct, delete, or export your personal data, to object to or restrict certain processing, and to withdraw consent. Residents of the EEA and the UK may also lodge a complaint with their supervisory authority; residents of California and other US states may have rights under state privacy laws, and we do not discriminate against you for exercising them. To exercise any of these rights, emailprivacy@agnt5.com.

Analytics choices

In consent-required regions you can accept or decline non-essential analytics via the consent banner, and change your mind at any time by clearing this site's data in your browser (which resets the banner). Plausible does not use cookies or track you across sites.

Children

The Services are not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us and we will delete it.

Changes to this policy

We may update this policy from time to time. We will post the updated version on this page and revise the "Last updated" date; for material changes we will provide additional notice (such as email).

Contact

ProtoML, Inc. (d/b/a AGNT5)
Email: privacy@agnt5.com