Privacy Policy

1. Introduction

SuprAgent AI ("we," "our," or "us") provides AI agent orchestration and deployment services. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our platform, website, and services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our Services.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, company name, and billing information when you create an account.
• Profile Data: Additional information you choose to provide in your profile.
• Agent Configuration: Data related to your AI agent setup, including prompts, workflows, and integrations.
• Communications: Information you provide when contacting our support team or sales.

2.2 Automatically Collected Information

• Usage Data: Information about how you interact with our Services, including conversation metrics, feature usage, and performance data.
• Technical Data: IP address, browser type, device information, operating system, and referring URLs.
• Cookies and Tracking: We use cookies and similar technologies for authentication, preferences, and analytics. See our Cookie Policy for details.

2.3 End-User Conversation Data

• Conversation Transcripts: Text and voice data from conversations between your customers and AI agents.
• User Inputs: Data entered by end-users during interactions with your agents.
• Important Note: You are the data controller for end-user data. We process this data solely as your data processor according to your instructions.

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide, maintain, and improve our Services.
• Agent Orchestration: To process conversations and deliver AI agent functionality.
• Analytics: To analyze usage patterns and improve platform performance.
• Communication: To send service updates, security alerts, and support messages.
• Billing: To process payments and prevent fraud.
• Compliance: To comply with legal obligations and enforce our Terms of Service.
• Improvement: To develop new features and enhance user experience.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

4.1 Service Providers

We may share data with third-party service providers who perform services on our behalf:

• Cloud infrastructure providers (AWS, GCP)
• AI model providers (OpenAI, Anthropic) - only if you choose to use their models
• Payment processors
• Analytics and monitoring tools
• Customer support platforms

4.2 Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect our rights, property, or safety.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

5. Data Retention

We retain your information for as long as necessary to provide our Services and fulfill the purposes described in this policy. Specific retention periods:

• Account Data: Retained while your account is active and for 90 days after closure.
• Conversation Data: Retained according to your configuration (default: 30 days, customizable up to 2 years).
• Billing Records: Retained for 7 years for tax and accounting purposes.
• Analytics Data: Aggregated and anonymized data may be retained indefinitely.

6. Data Security

We implement industry-standard security measures to protect your information:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Regular security audits and penetration testing
• Access controls and authentication (MFA available)
• Employee security training and background checks
• Incident response procedures
• SOC 2 Type II certification (in progress)

7. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal information.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal information (right to be forgotten).
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing of your data for certain purposes.
• Restriction: Request restriction of processing in certain circumstances.
• Withdrawal: Withdraw consent where processing is based on consent.

To exercise these rights, contact us at support@supragent.ai. We will respond within 30 days.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements (DPAs) with all sub-processors
• Self-hosting options for customers requiring data residency

9. Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us, and we will delete such information.

10. AI Model Providers and Data Processing

SuprAgent supports multiple AI model providers. Important notes:

• Your Choice: You control which AI models are used (OpenAI, Anthropic, open-source, or your own).
• Data Processing: Conversation data may be sent to your chosen model provider for inference.
• Model Provider Policies: Each provider has their own data policies. We recommend reviewing them.
• Self-Hosted Models: For complete data control, use self-hosted models where no data leaves your infrastructure.
• No Training: We do not use your data to train AI models, and we select providers with similar commitments.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website
• Updating the "Last Updated" date
• Sending email notifications for significant changes

Your continued use of our Services after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

13. Regional Specific Information

13.1 For EEA/UK Residents (GDPR)

We are committed to GDPR compliance. Our legal basis for processing includes:

• Contract Performance: Processing necessary to provide our Services.
• Legitimate Interests: Improving our Services, security, and fraud prevention.
• Consent: Where you have provided explicit consent.
• Legal Obligation: Compliance with applicable laws.

You have the right to lodge a complaint with your local supervisory authority.

13.2 For California Residents (CCPA)

California residents have additional rights under CCPA:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information (we do not sell data)
• Right to deletion
• Right to non-discrimination for exercising CCPA rights