No retargeting pixels, third-party ad networks, or sale of personal information.
Privacy
Privacy Policy
Agent Tick routes bounded Requests and Responses between your local agents and the humans you choose. We do not sell personal information, use Request content for advertising, or train AI models on Request content.
Effective date: May 26, 2026
Hosted Requests, Responses, Status Updates, and Activity History are processed to operate Agent Tick, not to train models.
Self-hosted operators control their own server data, providers, backups, retention, and notices.
Scope
This policy covers the Agent Tick Marketing Site, hosted Agent Tick service, Hosted App/API, Dashboard, and first-party iOS and Android Native App behavior. It does not make Self-Deprecated ApS the operator of customer-run self-hosted servers. Agent Tick is a least-permission Request routing layer, not a remote shell.
Legal operator
Agent Tick is operated by Self-Deprecated ApS, Denmark. For privacy, account, billing, or deletion questions, email [email protected]. For suspected vulnerabilities, account takeover, or sensitive security reports, email [email protected].
Hosted users agree to the Terms of Service and acknowledge this Privacy Policy during hosted sign-up through Clerk’s legal consent flow before first hosted use. If you use Agent Tick through an organization, that organization may also control workspace membership, retention, and access to organization Activity History.
Data we process
Account identity
Email address, name if provided, hosted user ID, sign-in provider IDs, workspace membership, roles, settings, entitlement state, and account status.
Devices, agents, and push
Agent Connection names or metadata, revocable connection tokens or verification material, installation or device identifiers, device registrations, platform, notification settings, and push tokens used to route Requests and notifications.
Requests and Responses
Hosted Request titles, bodies, commands or action context, bounded choices, Sanction context, Steering questions, Status Updates, Responses, timestamps, routing state, and related Activity History. Request content is user-controlled and may contain sensitive data if you put it there; do not send secrets, private keys, bearer tokens, or raw prompt text in Request content.
Diagnostics and support
Opt-in mobile diagnostics, setup and reliability events, support emails, attachments you choose to send, and security reports. Diagnostic code is designed to sanitize token-like strings and avoid full Request payloads, but you should still avoid sending secrets or full approval content in support messages.
Analytics
Product and site analytics such as setup, onboarding, paywall, entitlement, language, section-view, file-download, outbound-link, and usage-shape events. These analytics are not used for ad tracking or retargeting.
Purchases and subscriptions
Trial state, Lifetime app unlock state, hosted-service subscription state, app-store product IDs, purchase or restore status, RevenueCat customer state, and hosted billing status. Apple, Google, RevenueCat, and app-store payment systems process payment and receipt information for Native App purchases.
Local app data
Server URL, account-switcher entries, preferences, local session state, self-hosted bearer tokens, push settings, and encryption key material where applicable. Sensitive app values are stored with platform secure storage where supported by the Native App.
Billing and organization administration
Hosted organization billing contacts, plan state, billing IDs, workspace settings, role changes, and operational records needed to administer hosted accounts and enforce limits, trials, and abuse protections.
How we use data
We use data to authenticate hosted users, route bounded Requests and Responses, deliver push notifications, show Activity History, manage devices and Agent Connections, provide Trials and paid entitlements, restore purchases, prevent abuse, secure the service, troubleshoot reliability issues, respond to support requests, comply with legal obligations, and understand aggregate product usage.
We do not use Request content for advertising, retargeting, third-party ad measurement, sale of personal information, or AI/model training. Local actions run in your local agent or workflow environment; Agent Tick records and routes the human decision but does not execute commands remotely.
Analytics, diagnostics, and local storage
Product analytics are limited to setup, onboarding, paywall, entitlement, and usage-shape events. Implementation should exclude Request titles, bodies, commands, choices, Responses, secrets, and customer payloads from analytics events. The public Marketing Site uses privacy-friendly aggregate Plausible analytics for page views, section views, downloads, outbound links, and tagged events; Plausible analytics is self-hosted for Self-Deprecated at launch.
Diagnostics are opt-in and intended for setup and reliability troubleshooting. Diagnostic snapshots may include app version, platform, device model, server URL, auth mode, connection status, push status, notification status, current screen, sanitized error messages, and recent diagnostic event labels. Diagnostic code sanitizes token-like strings and filters metadata keys such as token, secret, authorization, and cookie, but you remain responsible for not pasting secrets into support messages.
Agent Tick avoids non-essential cookies and trackers at launch. Hosted sign-in and
the Native App use essential session, local storage, or secure storage for account,
server, token, preference, and purchase state. The hosted web app and Marketing Site
honor local opt-out flags such as agent_tick_analytics_opt_out and plausible_ignore where those surfaces support them.
International transfers and residency
Primary hosted Agent Tick service data runs on EU infrastructure by default at launch, currently a VPS hosted in Germany. Self-Deprecated ApS is based in Denmark. Necessary third-party provider metadata for authentication, purchases, push, support, analytics, and security may be processed in other countries under those providers’ terms, data-processing arrangements, and configured regions. Custom residency commitments are an Enterprise path and are not included in the public self-serve service unless agreed separately.
Retention and deletion
Hosted personal Activity History defaults to about 30 days while hosted personal service is active. Hosted organization Activity History defaults to about 90 days. Retention can be configured or turned off where supported. When Activity History retention is off, completed Request content is deleted while minimal operational metadata may remain where needed for billing, trial limits, abuse prevention, security, legal compliance, backups, and system integrity.
If hosted personal service lapses, recent hosted history is kept through the 30-day read-only routing grace period for recovery, then deleted. Organization Activity History follows organization retention settings and organization lifecycle. Mobile diagnostics, support communications, billing records, security logs, and backups may be kept for a reasonable period needed for support, legal compliance, dispute resolution, security, and financial recordkeeping, then deleted or de-identified when no longer needed.
Your rights and choices
Hosted personal users can request deletion from the product surface where available or by emailing [email protected]. Hosted personal deletion removes hosted personal data and revokes hosted tokens and devices where safe. Hosted data export is not a launch feature. Organization owners can delete Agent Tick-hosted organization data where supported; organization members may need to contact the organization owner for organization-controlled records.
Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or receive a copy of personal information, and to complain to a data-protection authority. We will verify and respond to privacy requests through the support contact. Some records may be retained where required for security, billing, legal compliance, dispute resolution, or to protect the service.
You can disable optional diagnostics in the Native App, use analytics opt-out flags where supported, revoke hosted devices, manage or cancel App Store or Google Play subscriptions through the relevant store account, and disconnect self-hosted servers from the Native App.
Children’s privacy
Agent Tick is for developers, teams, and organizations. It is not directed to children and should not be used by children under the age required to consent to online services in their jurisdiction. If you believe a child provided personal information to Agent Tick, contact us so we can review and delete it where required.
Self-hosting boundaries
Self-hosted deployments run on infrastructure controlled by the self-hosted operator. That operator is responsible for the deployment’s data, backups, access controls, analytics, notification providers, retention windows, deletion processes, user notices, and compliance. Hosted Agent Tick cannot delete data from infrastructure we do not operate.
The first-party Native App may still store local settings, tokens, and purchase state and may use platform services needed for app functionality. If you connect the app only to a self-hosted server, hosted Agent Tick does not receive that server’s Request content unless you separately sign in to or route through the hosted service.
Contact
For privacy, account, billing, support, or deletion questions, email [email protected]. For suspected vulnerabilities, account takeover, or sensitive security reports, email [email protected]. Do not include agent tokens, private keys, secrets, or full Request payloads in the first message.