Privacy Policy

Effective date: March 16, 2026

agent-life ("we", "us", "our") operates the agent-life.ai website and the alf command-line tool (collectively, the "Service"). This page describes what data we collect, how we use it, and your rights.

1. What We Collect

Account information

When you create an account we collect your email address and a hashed password (bcrypt). We never store plaintext passwords.

Agent data

When you use the sync service, we receive and store agent snapshots and incremental deltas. These may include agent memory records, identity documents, user context, and workspace artifacts. Credentials stored in your agent's vault are encrypted on your device before upload using a key you control (Argon2id key derivation). We store only ciphertext we cannot decrypt.

API keys

API keys you generate through the dashboard are stored as hashed values. The full key is shown once at creation and never stored in plaintext.

Usage and diagnostics

We collect standard server logs (IP address, request timestamps, user agent) to operate and protect the Service. We do not use third-party analytics or advertising trackers.

Waitlist

If you join the waitlist we collect your email address to send launch updates and early-access invitations. We do not share this list with third parties.

2. How We Use Your Data

  • To provide, maintain, and improve the Service.
  • To authenticate you and protect your account.
  • To sync, back up, and restore your agent state as you direct.
  • To send transactional emails (password resets, security alerts).
  • To send waitlist and product updates (you may unsubscribe at any time).
  • To detect and prevent abuse, fraud, and security incidents.

3. Zero-Knowledge Architecture

Agent credentials (API keys, tokens, secrets) are encrypted client-side using a passphrase-derived key before they leave your device. The Service stores encrypted blobs and cannot decrypt your credentials. Each credential is independently encrypted for selective restore. If you lose your passphrase, we cannot recover your encrypted credentials.

4. Data Storage and Security

Data is stored on infrastructure hosted in the United States. We use industry-standard measures to protect data at rest and in transit, including TLS for all connections and encrypted storage volumes. Access to production systems is restricted to authorized personnel.

5. Data Retention

We retain your account data and agent snapshots for as long as your account is active. If you delete your account, we will delete your data within 30 days, except where retention is required by law. Server logs are retained for up to 90 days.

6. Data Sharing

We do not sell your data. We may share data only in these circumstances:

  • Service providers — hosting and infrastructure vendors that process data on our behalf under contractual obligations.
  • Legal requirements — when required by law, regulation, or valid legal process.
  • Safety — to protect the rights, safety, or property of our users or the public.

7. Your Rights

You may:

  • Access your data through the dashboard or API.
  • Export your agent data at any time using the alf export command.
  • Delete your account and all associated data by contacting us.
  • Opt out of non-essential communications at any time.

8. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies.

9. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes via email. The "effective date" at the top of this page indicates the latest revision.

11. Contact

Questions about this policy? Email us at info@agent-life.ai.