Privacy Policy
Effective date: June 11, 2026 · Last updated: June 11, 2026
This Privacy Policy describes how AgentVitals ("we," "us," or "our") collects, uses, and shares information when you use our website at agentvitals.ai and our platform at app.agentvitals.ai (collectively, the "Service"). By using the Service, you agree to the collection and use of information as described here.
1. Information We Collect
Information you provide: When you use the free scanner or create an account, we collect your email address and the URLs you submit for scanning. For paid plans, billing details are processed directly by Stripe — we store only the customer reference, not your raw card data.
GitHub integration data: If you connect a GitHub repository, we receive your GitHub user ID, repository names, repository contents needed to open pull requests, and webhook events (pull request, push). We store an encrypted installation token to act on your behalf.
Scan data: We retain the results of scans you initiate, including the URL, scores, detected issues, and generated fix recommendations, for the duration of your subscription.
Usage and log data: We collect standard server logs (IP address, browser type, pages visited, timestamps) and in-app telemetry to operate and improve the Service.
Communications: If you contact us, we retain your messages and our responses.
2. How We Use Your Information
We use the information we collect to: deliver and improve the Service; provision and manage your account; send transactional communications (scan results, API keys, payment receipts, trial reminders); detect and prevent fraud or abuse; comply with legal obligations; and respond to your inquiries. We do not sell your personal information to third parties.
3. Sharing and Disclosure
We share your information only in the following circumstances:
- Service providers (sub-processors): We share data with the sub-processors listed in Section 4 to operate the Service.
- GitHub integration: When you authorize us to open pull requests, we interact with the GitHub API on your behalf. Our agents identify themselves honestly in request headers and never impersonate human users.
- Legal compliance: We may disclose information when required by law, subpoena, or court order, or to protect our rights or the safety of others.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to this Privacy Policy.
4. Sub-processors
We use the following third-party service providers to operate the Service:
| Provider | Purpose | Location |
|---|---|---|
| Stripe, Inc. | Payment processing | USA |
| GitHub, Inc. (Microsoft) | Repository integration, pull request delivery | USA |
| Render Services, Inc. | Cloud hosting and infrastructure | USA |
| Sentry | Error and performance monitoring | USA |
5. Data Retention
We retain your account data for as long as your account is active and for a reasonable period thereafter to allow reactivation or to comply with legal obligations. Scan results are retained for the duration of your subscription. Upon account deletion, we delete or anonymize your personal data within 30 days, except where required by law.
GitHub repository contents used to generate pull requests are processed transiently and are not retained beyond what is necessary to deliver the pull request.
6. Your Rights and Choices
Depending on your jurisdiction, you may have the right to: access the personal data we hold about you; correct inaccurate data; request deletion; object to or restrict certain processing; and receive a portable copy of your data. To exercise any of these rights, contact us at support@agentvitals.ai. We will respond within 30 days. EU and UK residents may also lodge a complaint with their local data protection supervisory authority.
You may unsubscribe from marketing emails at any time using the link in any message we send.
7. Security
We implement technical and organizational measures to protect your data, including: AES-256 encryption at rest for credentials and stored tokens; TLS in transit for all data transmission; HMAC signature verification on webhook events; tenant isolation at the database level; and access controls limiting team access to production data. No method of transmission is 100% secure. Promptly revoke GitHub installation tokens if you believe your account has been compromised.
8. Cookies and Tracking
Our marketing site uses Google Analytics to understand aggregate traffic. We do not use tracking cookies for personalized advertising. The product dashboard uses a session cookie for authentication only. To opt out of Google Analytics, install the Google Analytics Opt-out Browser Add-on.
9. Children's Privacy
The Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have inadvertently done so, contact us and we will delete it promptly.
10. International Transfers
AgentVitals is based in the United States. If you access the Service from outside the United States, your data may be transferred to and processed in the United States. For transfers of EU/UK personal data, we rely on Standard Contractual Clauses and the processing terms in our Data Processing Agreement.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service at least 14 days before the changes take effect. Your continued use of the Service after changes take effect constitutes your acceptance.
Contact
Privacy questions or data requests: support@agentvitals.ai.