Privacy Policy

Kintic helps you log and understand agent decisions. This policy explains what we collect, how we use it, and the choices you have. We built Kintic for teams who need clarity without surprises — including when it comes to data.

We collect only what we need to run the product and bill your account:

• Agent decision context snapshots — the inputs, outputs, and metadata you send when logging a decision.
• Belief states and delegation chains — structured data that describes how your agents reason and delegate work.
• Account email — for authentication, security notices, and (if you opt in) product updates.
• Usage metrics — for example API call volume, error rates, and feature usage, to keep the service reliable and to understand capacity.
• Stripe payment information — billing status and subscription details. We do not handle your full card number (Stripe does).

We use industry-standard practices on AWS:

• DynamoDB stores decision metadata and indexes for fast queries in your dashboard.
• Amazon S3 holds large context snapshots when payloads exceed what we keep inline in the database.
• All data is encrypted at rest using AWS-managed encryption for the services we use.
• Everything is stored securely on AWS in an architecture designed by an AWS Solutions Architect professional.
• Data is isolated per account using your user identifier — your workspace is not co-mingled with others at the application layer.
• API keys are stored as SHA-256 hashes. For current keys, we store a hash of the secret portion only; we never persist full API key material in plaintext.

• Free plan: decision and context data is retained for up to 7 days, after which it is deleted or made unavailable according to our retention jobs.
• Dev plan: up to 14 days of retention. Startup plan: up to 90 days. Enterprise plan: up to 365 days, unless your contract states otherwise.
• After you delete your account, we remove associated account data within 30 days, subject to limited exceptions such as billing records we are legally required to retain.

• You — through your authenticated dashboard and API, using your credentials.
• Kintic staff cannot browse your agent context snapshots for support or curiosity. We do not access your logged decision content without your explicit permission (for example, if you invite us to debug a specific issue).
• We never sell your data to third parties.
• We never use your agent decision data to train models. When you use the Agent Autopsy feature, decision context is sent to Anthropic's API to generate your report. Anthropic does not use API data for model training. See Anthropic's privacy policy for details.

• Amazon Web Services — hosting, databases, object storage, and related infrastructure.
• Stripe — subscription billing. Card details are collected and processed by Stripe; we receive payment status and billing metadata, not your full card number.
• Anthropic — powers the Agent Autopsy feature. Decision context snapshots are sent to Anthropic's API to generate forensic reports. Data is processed under Anthropic's API terms and is not used for model training.
• We do not load third-party advertising or analytics trackers on the product for the purpose of cross-site profiling.

• You can request an export of your data where supported by the product — ask us if you need a complete dump in a specific format.
• You can delete your account and associated data at any time from Settings, subject to short backup and legal retention windows described above.
• Questions or requests about privacy: contact us at privacy@kintic.dev.

• Data in transit is protected with TLS.
• API keys are validated using SHA-256 hash comparison against stored hashes with constant-time checks. Plaintext keys are not stored for comparison.
• Internal services use AWS IAM roles and least-privilege access — not long-lived hardcoded credentials checked into code.
• We do not embed production secrets in client apps or public repositories.

We may update this policy as the product evolves. If we make a material change, we will email registered users at the address on file. Your continued use of the service after we post that change means you accept the updated policy.