Last updated: February 27, 2026
When you authenticate, we collect: email address, display name, and provider-specific identifiers (e.g., OAuth subject ID). We do not collect passwords — authentication is delegated to OAuth providers or WebAuthn.
Your information is used solely to: (a) authenticate you, (b) manage your identity and linked providers, (c) enforce capability policies, and (d) generate provenance tokens for agent operations.
Identity data is stored in an encrypted HashiCorp Vault instance. Session data is held in memory and expires after 24 hours.
We do not sell or share your data with third parties. Identity claims may be included in provenance tokens that you explicitly authorize for agent operations.
You may request deletion of your identity by contacting us. Provenance records may be retained for audit purposes.
Questions: privacy@agentiagency.com