AGMNT

Privacy · Draft

Privacy policy.

This is a placeholder draft, accurate to how AGMNT operates today. It will be replaced with a final, counsel-reviewed policy before general availability.

Last updated May 4, 2026

Data we collect

What we collect.

  • Account data. Email and authentication identifiers. You can sign in with Google or with email and password — both flows are handled by Supabase Auth, which sets a session cookie on your browser.
  • Profile inputs. Anything you fill in during onboarding (industry, business stage, goals) so AGMNT can tailor its recommendations.
  • Connected business data. The records AGMNT pulls from systems you authorize — orders, products, inventory, customers, payouts, analytics events, social-media metrics. Stored in our Supabase database keyed to your user ID.
  • Integration tokens. OAuth access and refresh tokens for connected providers. Stored encrypted at rest in Supabase Vault and only decrypted server-side at sync time.
  • Prompts and chat history. Questions you ask AGMNT, the data the model reads to answer them, and the responses generated.
  • Operational logs. Request logs, errors, and rate-limit counters needed to run and secure the service.
  • Billing data. Subscription state (plan, status, period). Card numbers are handled by Stripe — AGMNT never sees or stores them.

Use

How we use it.

  • To run the product — sync your connected sources, generate findings, and answer questions you ask.
  • To operate and secure the service: monitoring, debugging, rate-limiting, and abuse prevention.
  • To handle billing through Stripe and to email you about your account or material service changes.
  • We do not sell your data. AGMNT does not train any AI model on your data. Prompts and the records needed to answer them are forwarded to the AI providers listed below under their terms — we do not control their internal data handling, only what we choose to send.

Connectors

What we ask for from connected sources.

You authorize each connector individually. Scopes vary by provider:

  • Shopify — read orders, products, inventory, customers, analytics.
  • Stripe Connect — issued as read_write by Stripe's OAuth flow. AGMNT only reads payments and payouts in normal operation.
  • Google Analytics 4 — read-only analytics access.
  • Salesforce — standard api + refresh_token offline_access for ongoing reads.
  • Instagram (Meta) — basic profile, content publish capability, insights, and page read engagement. AGMNT only reads insights and metrics in normal operation.

You can disconnect any provider at any time from Connections. Disconnecting revokes the stored token immediately and stops all further reads.

Subprocessors

Third-party services we rely on.

  • Supabase — authentication, primary Postgres database, and encrypted token vault.
  • Stripe — subscription billing and card processing.
  • Inngest — background job execution for syncs and scheduled work.
  • Upstash (Redis) — rate limiting and short-lived counters.
  • Resend — transactional email (account, scheduled reports).
  • Zhipu AI (GLM) — the model that powers reasoning, findings, and chat. Prompts and the data needed to answer them are sent to Zhipu's API.
  • Exa — web search used to ground market-intelligence research. Search queries are sent to Exa; your business data is not.

Your rights

Access, export, and deletion.

You can disconnect integrations and remove their data from the product surface yourself via Connections.

For a copy of your data, correction of inaccuracies, or full deletion of your account and all associated records, email privacy@agmnt.app. We aim to respond within 30 days.

Contact

Questions.

Privacy questions, requests, or concerns: privacy@agmnt.app.