Privacy Policy

Legal name: PROVEX LLC Registered in: Republic of Armenia Data Protection contact: [email protected] We are the data controller for personal data processed through the Service.

Information you provide Account information: name, email address, password (hashed), and any profile details you submit. Payment information: processed by Paddle (our Merchant of Record) — we receive only transaction metadata, never full card numbers. User Content: prompts, knowledge files, agent configurations, and other content you upload. Communications: support requests and any correspondence with us. Information we collect automatically Usage data: pages visited, features used, agent runs, tool calls, token consumption. Device data: IP address, browser type, operating system, device identifiers. Cookies and similar technologies: session cookies, authentication tokens, analytics cookies. Information from third parties OAuth providers: if you sign in via Google, we receive your name and email from them, in line with the permissions you grant. Payment processor: Paddle returns transaction confirmations and customer identifiers.

We use your information to: • Provide, operate, and maintain the Service. • Process subscriptions, payments, and refunds via Paddle. • Authenticate you and protect your account. • Send service-related notifications (billing, security, product updates). • Respond to support requests. • Improve the Service through analytics and product research. • Detect, prevent, and respond to fraud, abuse, or security incidents. • Comply with legal obligations. We do not sell your personal information. We do not use your User Content to train AI models.

We process personal data on the following legal bases: Contract: to deliver the Service you've signed up for. Legitimate interest: to improve the Service, prevent fraud, and ensure security. Consent: for optional cookies and marketing communications. Legal obligation: to comply with tax, accounting, and regulatory requirements.

We share information only as described below: Paddle (Payment Processor / Merchant of Record): processes payments, tax, and billing on our behalf. Anthropic and other LLM providers: when you run agents, prompts and context are sent to the provider that powers the agent. Their use of that data is governed by their own privacy policies. MCP server operators: if you connect external Model Context Protocol servers, your queries are sent to them. Cloud infrastructure providers: hosting and storage providers operating under data processing agreements with us. Authorities: when required by law, court order, or to protect rights, property, or safety. Business transfers: if we are acquired or merge with another entity, your information may be transferred subject to this policy.

We are based in Armenia. Your data may be processed in Armenia, the United States, the European Union, and other jurisdictions where our service providers operate. We rely on Standard Contractual Clauses or equivalent mechanisms when transferring data internationally.

Account data: retained while your account is active and for up to 24 months after closure for legal and audit purposes. Payment records: retained for 7 years to comply with tax and accounting obligations. Usage logs: retained for up to 12 months. User Content: deleted within 30 days of account closure unless required to retain longer by law.

Depending on your jurisdiction, you may have the right to: Access the personal data we hold about you. Correct inaccurate data. Delete your data ("right to be forgotten"). Object to or restrict processing. Portability — receive your data in a machine-readable format. Withdraw consent at any time. Lodge a complaint with your local data protection authority. To exercise any right, email [email protected]. We will respond within 30 days.

We use industry-standard measures to protect your data, including: Encryption in transit (TLS) and at rest. AES-256-GCM encryption for stored API keys and credentials. Access controls and audit logging. Regular security reviews. No system is perfectly secure; you use the Service at your own risk.

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have, contact us at [email protected] for deletion.

We use cookies for authentication, session management, and analytics. You can disable non-essential cookies in your browser settings.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-product notice at least 30 days before they take effect.

For privacy questions or requests, contact us at [email protected] For our data protection representative or any unresolved concerns, you may also contact your local data protection authority.