Privacy Policy

How Agent Commons collects, uses, shares, protects, and retains personal data across the Agent Commons ecosystem.

Effective date: 28 June 2026

This Privacy Policy explains how Agent Commons collects, uses, discloses, and protects personal data when you use the Agent Commons ecosystem, including Agent Commons, CommonLab, Commons Identity, our APIs, SDKs, websites, agent workspaces, course experiences, and related services.

Some products may include feature-specific notices at the point of collection. Those notices supplement this Privacy Policy for the feature they describe.

This is a practical, legal-ready policy draft for a modern AI, education, identity, and developer platform. It should be reviewed by qualified counsel before production reliance.

1. Who Controls Your Data

Agent Commons is the controller of personal data processed for account management, platform operation, course delivery, billing support, safety, analytics, and communications. Where customers, educators, or developers use our services to process personal data on behalf of others, they may be the controller and Agent Commons may act as a processor or service provider under a separate agreement.

For privacy questions or rights requests, contact privacy@agentcommons.io.

2. Services Covered

This policy covers current and future products in the Agent Commons ecosystem, including the main Agent Commons platform for creating, discovering, and collaborating with agents; CommonLab for courses, labs, skill paths, educator tools, and learner sandboxes; Commons Identity for authentication and account federation; and developer-facing APIs, SDKs, CLIs, and integrations.

3. Information We Collect

  • Account data, such as name, email address, profile image, authentication provider identifiers, credentials where supported, and account settings.
  • Workspace data, such as agents, spaces, workflows, tasks, tools, files, memory entries, preferences, messages, logs, and collaboration activity.
  • Course and learner data, such as enrollments, progress, submissions, badges, certificates, sandbox activity, educator-created content, and support requests.
  • Payment and commercial data, such as checkout status, purchases, invoices, refunds, credits, balances, and transaction references. Payment card details are processed by payment providers and are not stored by us.
  • Developer and integration data, such as API keys, OAuth connection metadata, tool definitions, MCP server details, webhook endpoints, and app registration information.
  • Device, usage, security, and analytics data, including IP address, browser type, pages viewed, feature use, API requests, errors, timestamps, login events, and abuse-prevention signals.

4. Third-Party Integrations

If you connect third-party services through OAuth, APIs, tools, wallets, payment providers, or learning integrations, we may receive and process information authorized by you or the connected service. The data available to an agent or workflow depends on the permissions you grant and the configuration you choose.

Third-party services operate under their own terms and privacy policies.

5. AI, Agents, and Generated Content

Agent Commons services may process prompts, instructions, messages, files, tool outputs, logs, memories, and generated responses to provide agent, workflow, sandbox, evaluation, and collaboration features. Depending on your configuration, content may be sent to model providers, infrastructure providers, or connected tools to complete your request.

Avoid submitting sensitive personal data, regulated data, secrets, private keys, or confidential third-party information unless your account, agreement, and configuration permit that use.

6. How We Use Information

  • Provide, maintain, secure, and improve the services.
  • Create and manage accounts, authentication, permissions, enrollments, workspaces, and developer credentials.
  • Process payments, credits, invoices, refunds, tax information, and fraud checks.
  • Run agents, workflows, tools, sandboxes, memory, logs, and integrations according to your instructions.
  • Provide support, administrative messages, policy notices, and service updates.
  • Measure reliability, usage, product performance, and learning progress.
  • Detect, prevent, and respond to abuse, spam, security incidents, unauthorized access, and violations of our terms.
  • Comply with legal obligations, enforce agreements, and protect rights, safety, and property.

7. Legal Bases

Where data protection law requires a legal basis, we rely on performance of a contract, legitimate interests, consent, and legal obligations depending on the context and feature.

8. How We Share Information

  • Service providers and subprocessors that host infrastructure, databases, analytics, email, payments, identity, storage, model inference, monitoring, and support systems.
  • Connected third-party services that you authorize or instruct us to use.
  • Educators, collaborators, team members, or workspace participants where your account role or product feature makes information visible to them.
  • Payment processors, financial institutions, tax providers, fraud-prevention partners, advisers, regulators, courts, and public authorities where needed.
  • Successors in a merger, acquisition, financing, reorganization, or asset transfer, subject to appropriate protections.

9. Cookies and Analytics

We use essential cookies for authentication, security, and core functionality. We may also use analytics technologies to understand usage and improve services. Where required, we request consent before using non-essential cookies or similar technologies.

10. Retention and Security

We retain personal data for as long as needed to provide the services, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support legitimate business purposes. When data is no longer needed, we delete, de-identify, or aggregate it where practical and legally permissible.

We use administrative, technical, and organizational safeguards designed to protect personal data, including access controls, encryption in transit, credential protections, monitoring, audit logs, and least-privilege operational practices. No system is perfectly secure.

11. International Transfers

We may process and store information in countries other than where you live. When required, we use appropriate safeguards for international transfers, such as contractual protections and other lawful transfer mechanisms.

12. Your Privacy Rights

Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to processing of personal data; withdraw consent; opt out of certain sharing, targeted advertising, or profiling; and appeal a decision about your request. We do not sell personal data in the ordinary meaning of selling it for money.

To exercise rights, contact privacy@agentcommons.io. We may need to verify your identity.

13. Children and Students

The services are not directed to children under 13. CommonLab accounts are intended for users who are at least 16 unless a separate school, parent, guardian, or educator arrangement permits use under applicable law.

14. Changes and Contact

We may update this Privacy Policy from time to time. If changes are material, we will provide reasonable notice through the services, email, or another appropriate channel.

For privacy questions, rights requests, or data protection concerns, contact privacy@agentcommons.io. For general legal notices, contact legal@agentcommons.io.