Privacy Policy

Account information. When you create an account, we collect your email address, company or workspace name, and authentication credentials (hashed password or OAuth provider identity). We do not store plaintext passwords.

Usage and metrics data. When you use the AgentMetrics SDK, event data is sent to our API. This may include: agent identifiers, run duration, token counts, estimated cost, model names, error messages, tool call metadata, and any custom metadata your application attaches to events. You control what is included in the metadata field.

Billing information. Payment card data is collected and stored solely by our payment processor, Stripe, Inc. We receive a billing token, last-four digits, expiry date, and billing address from Stripe. We do not store full card numbers.

Usage analytics. We collect standard server logs including IP addresses, browser/client type, pages visited, and API request metadata. We use this to monitor performance, investigate abuse, and improve the Service.

Communications. If you contact us by email or through the Service, we retain that correspondence to respond to your inquiry and improve our support.

We use collected information to:

• Provide, operate, and improve the Service
• Process payments and manage your subscription
• Authenticate your identity and secure your account
• Send transactional emails (billing receipts, trial expiry notices, payment failure alerts)
• Send product updates and announcements (you may opt out at any time)
• Enforce our Terms of Service and prevent abuse
• Comply with legal obligations

We do not sell your personal information to third parties. We do not use your agent metrics data to train AI models without your explicit consent.

Event and metrics data is retained for the duration of your active subscription plus 30 days after cancellation, then permanently deleted. The retention window per plan is:

• Free:7 days in managed cloud
• Growth:90 days in managed cloud
• Pro:365 days in managed cloud

Account information is retained until you request deletion or your account has been inactive for 24 months. Billing records are retained for 7 years as required by applicable financial regulations.

We share information only in the following circumstances:

• Service providers. We use Stripe (payment processing), Supabase (authentication and database), and email service providers to operate the Service. These parties process data only on our behalf and under confidentiality obligations.
• Legal requirements. We may disclose information if required by law, court order, or governmental authority, or to protect the rights, safety, or property of AgentMetrics, our users, or the public.
• Business transfers. In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity. We will notify you by email and provide an opportunity to delete your data before the transfer becomes effective.

We use cookies and similar technologies for:

• Session management. To keep you logged in and maintain authentication state.
• Preferences. To remember your theme selection (light/dark mode) and other settings.

We do not use third-party advertising cookies or behavioral tracking cookies. You may disable cookies in your browser settings, but some features of the Service may not function correctly without them.

We implement technical and organizational measures to protect your information, including:

• TLS encryption for all data in transit
• Encryption at rest for database storage
• HMAC hashing of API keys (keys are never stored in plaintext)
• Access controls limiting employee access to production data

No security system is impenetrable. If you discover a security vulnerability, please report it responsibly to support@agentmetrics.dev rather than disclosing it publicly.

AgentMetrics is operated from servers located in the United States and/or the European Union. If you access the Service from outside these regions, your data may be transferred to and processed in those jurisdictions. By using the Service, you consent to such transfers. Where required by applicable law (e.g., GDPR), we implement standard contractual clauses or other appropriate safeguards.

Depending on your location, you may have the right to:

• Access:request a copy of the personal data we hold about you
• Correction:request correction of inaccurate data
• Deletion:request deletion of your account and associated data
• Portability:request export of your data in a machine-readable format
• Objection:object to processing based on legitimate interests
• Opt-out of marketing:unsubscribe from non-transactional emails at any time

To exercise any of these rights, email support@agentmetrics.dev with the subject line "Privacy Request". We will respond within 30 days.

The Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by email at least 14 days before they take effect. The "last updated" date at the top of this page indicates when the policy was last revised.

For questions or requests regarding this Privacy Policy, contact us at support@agentmetrics.dev.