AGCMS

Privacy Policy

Last updated: 2026-04-22 · Placeholder. The authoritative version is attached as Schedule A to your Master Services Agreement.

What we collect

  • Account profile (name, email, role, tenant subdomain).
  • API request metadata routed through the gateway.
  • Audit log entries you produce inside your tenant.
  • Operational telemetry (latency, error counts) — never request bodies.

What we do not collect

  • Plaintext request or response bodies are never written to disk in cleartext.
  • We do not train models on your traffic.
  • We do not sell or share customer data with third parties for advertising.

Where data is stored

AWS — region of your choosing (us-east-1, us-west-2, eu-west-1, eu-central-1). Audit anchors are written to S3 Object Lock in the same region as your tenant.

Subprocessors

See the security page for the full subprocessor list.

Your rights

  • Access — export your data via the dashboard or API at any time.
  • Erasure (GDPR Article 17) — two-admin approval; PII tombstoned without breaking the audit chain.
  • Portability — bundle export ships JSONL + verifier.

Contact

Privacy questions: privacy@agcms.com. Security disclosures: security@agcms.com.