Privacy Policy

Account Information

When you sign in with Google OAuth, we collect your name, email address, and profile picture. This information is used to create and manage your Agentcy account.

Marketing Data

When you make queries, Agentcy connects to your authorized marketing platforms to fetch data in real-time. The specific data accessed depends on which services you connect and authorize:

• Google Analytics 4 — website traffic, page views, conversions, audience demographics, acquisition channels
• Google Search Console — search queries, impressions, clicks, click-through rates, indexing status
• Google Ads — campaign performance, ad spend, clicks, conversions, return on ad spend
• Other platforms — WooCommerce, HubSpot, and additional sources you connect may provide order data, CRM data, and other marketing metrics

This data is processed to generate insights and is not stored long-term. We do not maintain a copy of your marketing data after the response is delivered.

Usage Data

We collect information about how you use the service, including queries made, services used, response times, and error rates. This data is used to improve service quality, monitor performance, and enforce usage quotas.

Billing Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers or other payment instrument details on our servers. Stripe may collect information necessary to process your payments in accordance with their own privacy policy.

Agentcy's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only use Google data to provide and improve user-facing features of Agentcy.
• We do not transfer Google data to third parties except as necessary to provide and improve user-facing features, as required by law, or with your explicit consent.
• We do not use Google data for advertising purposes or to build advertising profiles.
• We do not allow humans to read Google data unless you have given affirmative consent, it is necessary for security purposes (e.g., investigating abuse), it is required to comply with applicable law, or the data has been aggregated and anonymized for internal operations.
• We do not use Google data to train AI or machine learning models.
• We do not sell, rent, or trade Google user data to any third party.
• All access to Google services is read-only. Agentcy retrieves data for analysis but does not modify, write, or delete data in your Google accounts.

Agentcy uses Google's Gemini API to analyze and synthesize data from your connected marketing services (such as Google Analytics, Search Console, and Google Ads). When you submit a query, your marketing data is sent to the Gemini API to generate the insights you requested. Per Google's Gemini API Additional Terms of Service, data processed through paid services is not used to train or improve AI models.

• Provide the service — authenticate your identity, connect to your marketing data sources, execute queries, and deliver synthesized insights.
• Improve the service — analyze usage patterns, identify errors, optimize performance, and develop new features.
• Communicate with you — send service announcements, respond to support requests, and notify you of material changes to our policies.
• Billing — manage your subscription, enforce usage quotas, and process payments through Stripe.

We employ industry-standard security measures to protect your data:

• Database — Supabase with Row Level Security (RLS), providing multi-tenant isolation so one account's data can never be accessed by another.
• Credential Encryption — API keys and secrets you provide are encrypted using Supabase Vault (AES-256-GCM) and never stored in plaintext.
• Hosting — Cloudflare Workers for edge computing with global distribution.
• Transmission — All data is transmitted over HTTPS/TLS. We do not accept unencrypted connections.

Agentcy integrates with the following third-party services to operate:

• Supabase — database hosting and authentication.
• Cloudflare — application hosting and content delivery.
• Stripe — payment processing and subscription management.
• Google — OAuth authentication and marketing APIs (GA4, Search Console, Google Ads).
• Google Gemini API — to generate synthesized marketing insights, your query text and processed marketing data (including data retrieved from connected platforms such as Google APIs) are sent to Google's Gemini API. This processing is necessary to deliver the core functionality of the Service. See our AI Transparency section for details.

Each third-party service operates under its own privacy policy. We encourage you to review those policies for information on how they handle data.

• Marketing data — processed in real-time and not stored. Data is fetched, synthesized, and returned within a single request lifecycle.
• Usage logs — raw request-level logs (including the text of queries you make) are retained for 90 days and then automatically deleted. Aggregated usage rollups (counts, latency, cost — no query text) are retained for service analytics, quota enforcement, and billing reconciliation.
• Account data — retained while your account is active and for a reasonable period afterward to comply with legal obligations.
• Credentials — encrypted and stored only while the associated service is connected. Credentials are permanently deleted when you disconnect a service or delete your account.

You have the following rights regarding your data:

• Access — view your data at any time through the Agentcy portal.
• Deletion — request deletion of your account and all associated data. Account data, credentials, and configurations are deleted within 30 days of your request.
• Disconnect — disconnect any connected service or Google account at any time through the Agentcy portal. When you disconnect a Google account, stored OAuth tokens are permanently deleted and Agentcy can no longer access data on your behalf. Associated service configurations are removed.
• Revoke Google access — you can also revoke Agentcy's access to your Google account at any time by visiting myaccount.google.com/permissions.
• Export — export your usage data.

To exercise any of these rights, contact us at legal@goagentcy.com.

Essential Cookies

The Agentcy portal (app.goagentcy.com) uses cookies for authentication session management (Supabase auth cookies). These are strictly necessary for the service to function and cannot be disabled.

Analytics Cookies

Our marketing website (goagentcy.com) uses Google Analytics 4 to understand how visitors use the site. GA4 sets the following cookies:

• _ga — distinguishes unique visitors. Expires after 2 years.
• _ga_* — maintains session state. Expires after 2 years.
• _gid — distinguishes visitors within a 24-hour period. Expires after 24 hours.
• agcy_ft — first-touch marketing attribution. Remembers which source (e.g., directory, referrer, campaign) brought you to Agentcy so we can understand which channels help us reach new users. Contains only UTM parameters and the referring URL — no personally identifiable information. Scoped to .goagentcy.com so the portal can read it at signup time. Expires after 90 days.

Analytics cookies are only set with your consent. You can manage your cookie preferences at any time using the cookie settings link in the website footer. Analytics data is collected anonymously and is not used for advertising.

No Advertising Cookies

We do not use advertising cookies, remarketing pixels, or any third-party tracking for ad targeting purposes.

Agentcy is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through a prominent notice in the Agentcy portal. Your continued use of the service after such notification constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, contact us:

• Email: legal@goagentcy.com
• Redstitch Digital
• Arizona, United States