Policy
Privacy policy
Last updated July 12, 2026.
What OpenAgently processes
When you create or maintain an agent, the desktop app reads the selected folder to produce a scan summary and instruction files. Selected, non-excluded project context may be sent transiently to a company-operated model for that request. Repository source code is not retained in OpenAgently cloud storage. Session interactions may be summarized locally and synced after redaction so the improvement service can identify friction.
What is retained
We retain account and device metadata, project and agent names and goals, instruction-file versions, timestamps, derived redacted session summaries, activity records, and billing state. We do not retain raw repository code, raw native transcripts, credentials, or environment secrets as cloud records.
Your controls
Signing out stops authenticated sync from that device. During the beta, device revocation, data export, and cloud-history deletion are handled by request through [email protected]; self-service controls are not yet available. Deleting cloud history does not delete files in your repositories. We keep audit and deletion records only as needed to verify the request and meet legal obligations.
Security
Traffic uses TLS, API access is tenant-scoped, summaries are redacted at the daemon and API boundaries, and desktop tokens use OS-protected storage where available. Model prompts are transient and are not persisted as product data.
Contact
Questions or requests: [email protected].