Privacy Policy

Last updated: May 25, 2026

1. Who we are

AgentKavach is a budget enforcement and cost tracking service for applications that call Large Language Model (LLM) APIs. This policy describes what we collect, why, and the controls you have. Privacy questions go to privacy@agentkavach.com.

2. Data we collect

We collect only what we need to enforce budgets, render dashboards, and bill you. Concretely:

  • Account data. Email, hashed password (bcrypt), first and last name, and organization name. Collected from you at registration.
  • Usage data. Per LLM call metadata sent by your SDK: model name, input and output token counts, computed cost, call duration, timestamp, and agent name. We never see your provider API keys.
  • Prompt content (optional, off by default). Stored only when your SDK is explicitly constructed with save_prompts=True — the SDK never transmits prompt text otherwise. Stored prompts are capped at 2 KB and auto-NULL'd after 30 days. We do not collect LLM responses or completions.
  • Operational data. API request logs, rate limit counters, session cookies, and OpenTelemetry spans used to operate the platform.
  • Billing data. Stripe customer ID and subscription state. Card numbers are held by Stripe; we never see them.

What we do not collect: LLM completion/response content, any customer PII embedded inside prompts (we don't inspect or analyze prompt content), or your LLM provider API keys.

3. Why we collect it

Three reasons, in order: (a) provide the service (cost tracking and budget enforcement); (b) send alerts to the channels you configure (email, Slack, PagerDuty, webhooks); (c) bill you. We do not sell data, do not run ads, and do not use your data to train models.

4. Where your data lives

We use the following infrastructure providers. Each is a sub processor listed in Section 8.

  • Timescale Cloud (PostgreSQL, us-east). Events, organizations, users, payments.
  • Confluent Cloud Kafka (us-east). Event pipeline buffer with 7 day retention.
  • Upstash Redis (us-east). Rate limit counters, auth cache, and spend cache.
  • Render (us-west). Backend API hosting.
  • Vercel (global edge). Dashboard hosting.
  • Resend (us). Transactional email delivery.
  • Stripe (us). Payments and billing.

5. How long we keep it

  • Events: retained indefinitely while your account is active. Removed when you delete your account.
  • Prompt content: 30 days maximum, then NULL'd by the retention sweep (Phase 53).
  • Kafka logs: 7 days (enforced via Kafka retention.ms).
  • Session cookies: 24 hours.
  • Rate limit counters: 24 hours (rolling).
  • Account deletion audit log (org_deletions): retained indefinitely. We are legally required to keep a record that a deletion occurred, even after the rest of the data is wiped.

6. Your rights

Whether or not GDPR applies to you, we extend the following rights to every user:

  • Access. Your dashboard shows every event we hold for your org. CSV exports are available from any agent's Events tab.
  • Rectification. Edit organization and user fields from Settings.
  • Erasure (right to be forgotten). Settings → Danger Zone → Delete account cascades a full wipe of every row tied to your org. The only record left behind is the org_deletions audit row required by law.
  • Portability. CSV exports per agent. The full event schema is documented and stable.
  • Pause processing. Settings → Danger Zone → Deactivate account stops ingestion and alerts without deleting data. Reactivation restores access. (Phase 69)
  • Object to processing. Email privacy@agentkavach.com and we'll respond within 30 days.

7. Cookies

We use exactly two cookies, both first party, both required to keep you logged in (Phase 52):

  • ak_session: HttpOnly, Secure, SameSite=Strict. Your session token. 24 hour expiry.
  • ak_csrf: JS readable, used for CSRF double submit verification. 24 hour expiry.

We do not set tracking cookies, advertising cookies, or analytics cookies. We do not embed third party trackers on the dashboard or marketing pages.

8. Sub processors

Each provider below handles a slice of your data on our behalf and is bound by their own privacy commitments:

9. Security

TLS in transit for every connection. Passwords are hashed with bcrypt (cost 12). Logout revokes the session by adding its JWT JTI to a denylist, so a stolen token stops working immediately. The dashboard ships with HSTS, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, and a strict Referrer-Policy. Auth uses HttpOnly session cookies plus a CSRF double submit token.

10. Children's data

AgentKavach is a developer tool and is not intended for use by anyone under 13. We do not knowingly collect data from children. If you believe a child has registered, email privacy@agentkavach.com and we will delete the account.

11. Changes to this policy

When we materially change this policy we notify account owners by email and show a banner in the dashboard. The "Last updated" date at the top of this page always reflects the current version.

12. Contact

For any privacy question (access requests, deletion requests, sub processor questions, or anything else) write to privacy@agentkavach.com. We aim to respond within 30 days.