Privacy Policy

Last updated: May 2026

1. Information We Collect

Account data: Name, email address, and authentication provider information (via Clerk).

Usage data: Agent execution traces, model usage, token counts, cost metrics, and API call metadata submitted through the SDK.

API keys: Stored as irreversible SHA-256 hashes. We never store or have access to your plain&hyphen;text API keys after creation.

2. How We Use Your Data

We use your data to: (a) provide the dashboard analytics and trace viewer; (b) enforce budget limits; (c) send email notifications you have opted into; (d) improve the Service.

3. Data Storage

Data is stored in Convex (real-time database) with encryption at rest. Authentication is handled by Clerk with industry-standard security practices. All data is scoped per user — enforced at the database query level.

4. Data Sharing

We do not sell your data. We share data only with: (a) Convex (database provider); (b) Clerk (authentication provider); (c) SMTP provider (for transactional emails). No data is shared with LLM providers through our Service.

5. GDPR Compliance

Archon supports GDPR rights including: (a) Right to access — export all your data from Settings; (b) Right to erasure — delete your account and all associated data; (c) Right to portability — download traces in JSON format. Audit logs are retained per governance policy even after erasure.

6. Cookies

We use essential cookies for authentication (Clerk session tokens). No tracking or advertising cookies are used.

7. Email Communications

Transactional emails (welcome, API key events, security alerts) are sent from noreply@archon.yashbogam.me. You can manage notification preferences in Settings. Emails are sent via SMTP — we do not use third-party email marketing platforms.

8. Data Retention

Agent traces are retained indefinitely unless you delete them. Account data is deleted upon account deletion. Audit logs may be retained for compliance purposes.

9. Security

We implement: SHA-256 hashed API keys, scoped database queries (per-user isolation), HTTPS everywhere, JWT-based authentication with automatic token refresh, and default-deny security policies in the SDK.

10. Changes

We may update this policy. Material changes will be communicated via email to your registered address.

11. Contact

For privacy inquiries, contact hello@yashbogam.me.