Privacy Policy

Last updated: February 18, 2026

Overview

AgentKeys ("we", "us", "our") operates the agentkeys.io website and related services. This policy describes how we collect, use, and protect your information.

We take privacy seriously — especially because our product handles sensitive credentials. We collect the minimum data necessary to provide the service.

Information We Collect

Account information: Email address, name, and authentication provider data (GitHub, Google) when you sign up.

Credentials you store: API keys, tokens, passwords, and cookies that you add to AgentKeys. These are encrypted with AES-256-GCM at rest. We cannot read your plaintext credentials.

Usage data: Proxy request logs (target URL, status code, latency, timestamp). We do not log request or response bodies.

Technical data: IP address, browser type, and device information for security and analytics purposes.

How We Use Your Information

We use your information to:

  • Provide and maintain the AgentKeys service
  • Process proxy requests on behalf of your agents
  • Generate audit logs for your workspace
  • Send essential service communications
  • Detect and prevent abuse, fraud, and security issues
  • Improve and develop the product

Credential Security

All credentials are encrypted with AES-256-GCM using per-workspace master keys. Plaintext credentials are never stored in the database. They are decrypted only in memory at proxy request time and are never logged, cached, or written to disk.

Proxy tokens are SHA-256 hashed in the database. Even in the event of a database breach, neither credentials nor proxy tokens can be recovered.

Data Sharing

We do not sell your data. We do not share your credentials with anyone.

We may share anonymized, aggregated usage statistics. We may disclose information if required by law or to protect our rights and safety.

When you make a proxy request, your credential is injected into the request to the target API. This is the core function of the service and happens only at your direction.

Data Retention

Account data is retained while your account is active. Audit logs are retained for 90 days on the Free plan and 1 year on paid plans. You can delete your credentials and account at any time.

Your Rights

You have the right to:

  • Access your stored data
  • Delete your credentials and account
  • Export your audit logs
  • Revoke any proxy token instantly

Cookies

We use essential cookies for authentication and session management. We do not use tracking or advertising cookies.

Changes

We may update this policy from time to time. We will notify you of significant changes via email or a notice on the website.

Contact

Questions? Email us at privacy@agentkeys.io.