agentplain

Privacy

What we collect, why, and how we protect it.

Last updated: June 2, 2026. This policy describes how agentplain ("we", "us") handles data from customers and their connected systems. Plain language, no surprises. If anything here is unclear, email hello@agentplain.com.

What we collect

agentplain is a service partnership. To do the work we promise, we need read access to your operating systems — email (Gmail or Microsoft 365), calendar, your file substrate (Google Drive or OneDrive), your accounting tool (QuickBooks Online), your CRM, and your transaction or document management system depending on vertical. You authorize each connection explicitly through the integration tile's OAuth flow.

Connection scopes are the minimum needed to deliver the value loop (read, categorize, coordinate, schedule, draft). We never request send-on-your-behalf scopes on email — the fleet drafts into your inbox; you send from your own account.

We also collect account-level data you give us directly: your name, business email, business name, billing details, the vertical you picked, and the configuration choices you make in the workspace (tone, default hours, scheduling preferences, skill selections).

How we use it

Every piece of data we hold is scoped to a single customer workspace. The fleet uses it to do the work you hired us to do: categorize inbound, draft replies, propose meeting times, surface compliance flags, generate briefings. Each draft lands in your approvals queue. Nothing sends outbound on your behalf — your existing email, calendar, and CRM execute every send from your own account.

We use connected systems' data to train the fleet on your voice and preferences (which we store as an append-only feedback log in your workspace). We do not train any base model on your data, do not share your data with any AI model provider's training pipeline, and do not pool data across customers.

Encryption and isolation

Customer-facing payloads (approval queue items, handoff log entries, the knowledge substrate documents you connect or upload) are encrypted at rest using AES-256-GCM with a per-environment key. Production secrets are stored only in our hosting provider's secrets store (Vercel) and never in source control.

Database rows carry a workspace_id column enforced by row-level security policies — queries are constrained at the database layer so a leaked query helper cannot return another customer's data. The same isolation extends to vector embeddings: every chunk in the knowledge substrate is workspace-scoped.

OAuth tokens for your connected systems live encrypted alongside the rest of your workspace state. Token refresh happens server-side; tokens never leave our infrastructure.

Subprocessors

We use a small set of named subprocessors. Each is contractually bound by its own data-processing terms; we are responsible for our choice of them and for the configuration of our use.

  • Anthropic — model inference. On the no-training API tier; your data is not used to train models. Customer data passes through model context only for the duration of an inference call.
  • Neon — Postgres database hosting. Encrypted at rest + in transit; daily backups.
  • Vercel — application hosting + edge network.
  • Stripe — payment processing. We never see or store full card numbers; Stripe holds the payment method, we hold a customer ID + last-four.
  • Resend — transactional email (sign-in links, billing receipts, support replies).
  • Sentry — error monitoring. PII scrubbed at the edge before events leave our infrastructure.
  • Inngest — event + cron orchestration. Receives event payloads but not OAuth tokens or full document bodies.

Your rights

You can export your workspace data and close the workspace from inside the product at any time. Workspace closure triggers a 7-day soft-delete grace window during which you can restore; after that, customer-facing rows are hard-deleted from our primary database. Backups retain encrypted snapshots for an additional 30 days for disaster recovery; we do not restore from backups except to recover from a service-affecting incident, and we never read backup contents.

If you have a deletion request that's broader than the in-product controls, or any other data-subject question, email hello@agentplain.com and we'll handle it in writing.

Liability boundaries

agentplain is not a licensed broker, lender, carrier, attorney, CPA, RIA, or any other regulated party in the verticals we serve. Liability for licensed activities — broker-of-record decisions, tax filings, legal advice, fiduciary recommendations, insurance placements — stays with you and your firm. Every customer-facing output is drafted, queued for your review, and sent (if at all) by you from your own systems.

Changes to this policy

Material changes are announced by email to your workspace owner at least 30 days before they take effect. The latest version always lives at this URL.

Contact: hello@agentplain.com. Or read our terms and security pages.