← Back to home

Privacy Policy

Effective date: February 23, 2026

AgentOne ("we," "us," or "our") operates the AgentOne desktop application and the website located at www.agent-one.dev (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data.

1. Information We Collect

1.1 Account Information

When you create an account, we collect the following:

  • Name — provided by you or your OAuth provider.
  • Email address — used for authentication and account communications.
  • Profile image — if provided via an OAuth provider (Google or GitHub), or uploaded directly by you.
  • Password — if you sign up with email and password, stored in hashed form. We never store or have access to your plaintext password.

1.2 Session and Authentication Data

When you sign in, we collect and store session data including:

  • Session tokens and expiration timestamps.
  • IP address and user agent string of the device used to sign in.
  • Last login method (e.g., email, Google, GitHub).

1.3 Chat History Sync

Your chat history and messages are synced to our servers and stored so they can be accessed across your devices. This sync is a core feature of the Service and occurs automatically when you are signed in. Chat data is associated with your account and stored on our servers.

1.4 Synced Settings

If you enable settings sync in the desktop application, your application preferences (such as theme, text scale, tool configurations, and other non-sensitive settings) are transmitted to and stored on our servers so they can be synchronized across your devices. Settings sync is optional and can be disabled at any time.

1.5 API Key Sync

You may separately opt in to API key sync, which allows your third-party API keys to be synced across your devices. If you enable this feature, your API keys are encrypted before transmission and stored on our servers in encrypted form. API key sync is entirely optional, requires separate opt-in from settings sync, and can be disabled at any time. When disabled, synced API keys are deleted from our servers.

1.6 Profile Images

You may upload a profile image directly, in addition to receiving one from an OAuth provider. Uploaded profile images are stored on our servers and associated with your account.

1.7 Website and Application Analytics

We use Google Analytics on www.agent-one.dev and in the AgentOne desktop application to collect usage data such as page views, route views, button clicks, settings interactions, browser or device context, and general geographic region. This data helps us understand how the Service is used and improve it.

On the website, this analytics data is collected through Google Analytics. In the desktop application, usage analytics may also be associated with your signed-in AgentOne account using an internal account identifier sent to Google Analytics as a User-ID. This is enabled by default for signed-in users and can be switched to anonymous analytics or disabled entirely in the desktop application's Help & Updates settings. We do not send your email address or name to Google Analytics for this purpose.

2. Information Stored Locally

The following data is stored on your device and is not transmitted to our servers unless you opt in to the corresponding sync feature:

  • API keys— stored in your operating system's secure credential store (keyring/keychain) by default. If you opt in to API key sync, your keys are encrypted and stored on our servers to enable cross-device access (see section 1.5).
  • Application settings — stored in local storage unless you opt in to settings sync.

Chat history and messages are synced to our servers when you are signed in (see section 1.3). A local copy is also maintained on your device.

AgentOne provides its own hosted AI models as the default experience. When you use AgentOne-provided models, your prompts and conversations are processed through our infrastructure and routed to the underlying AI providers. You may also connect to third-party AI providers directly using your own API keys, in which case those interactions are between you and those providers. We do not monitor the content of conversations processed by third-party providers using your own keys.

3. How We Use Your Information

  • To create and manage your account.
  • To authenticate you across the website and desktop application via device authorization.
  • To send transactional emails such as email verification and password reset messages.
  • To synchronize your chat history across your devices.
  • To synchronize your application settings across devices (if you opt in).
  • To synchronize your API keys across devices in encrypted form (if you separately opt in).
  • To provide access to AgentOne-hosted AI models and process your requests through our infrastructure.
  • To store and serve your uploaded profile image.
  • To improve, maintain, and operate the Service.

4. Third-Party Services

We use the following third-party services:

  • Google and GitHub OAuth — for social sign-in. When you sign in with Google or GitHub, those providers share your name, email, and profile image with us in accordance with their own privacy policies.
  • Resend — for sending transactional emails (email verification, password resets).
  • Neon — for hosting our PostgreSQL database in the United States.
  • Google Analytics — for website and desktop application usage analytics. In the desktop application, this may include an internal signed-in account identifier used as a Google Analytics User-ID unless you switch to anonymous analytics or disable analytics in settings.

AgentOne provides its own hosted AI models by default, which route your requests through our infrastructure to underlying AI providers. The desktop application may also connect to third-party AI providers (such as OpenRouter, Groq, Google Generative AI, and Cerebras) and MCP servers using API keys and configurations you provide. When using your own API keys, these connections are made directly from your device; we do not proxy, intercept, or log these requests. Your use of third-party AI providers is governed by their respective terms and privacy policies.

5. Data Retention

We retain your account information, synced chat history, synced settings, and synced API keys (if opted in) for as long as your account is active. Session data is retained until the session expires or you sign out. If you delete your account, all associated data on our servers (account information, sessions, chat history, synced settings, synced API keys, and uploaded profile images) will be permanently deleted. Locally stored data on your device (API keys, settings) is under your control and is not affected by account deletion on our servers.

6. Data Security

We take reasonable measures to protect your information. Account passwords are hashed before storage. API keys are stored in your operating system's secure credential store by default. If you opt in to API key sync, your keys are encrypted before transmission and stored in encrypted form on our servers. Chat data synced to our servers is stored securely. Server-side data is hosted on Neon's managed PostgreSQL infrastructure in the United States. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Your Rights and Choices

  • Disable settings sync — you can turn off settings sync at any time in the desktop application.
  • Disable API key sync — you can turn off API key sync at any time. When disabled, your synced API keys are deleted from our servers.
  • Delete synced chats — you can delete your synced chat history from within the desktop application.
  • Delete your account — contact us to request account deletion and removal of all server-side data, including synced chats, settings, API keys, and profile images.
  • Manage local data — you can delete your local chat history, API keys, and local settings directly from the desktop application at any time.
  • Manage desktop analytics preferences— you can disable desktop usage analytics entirely, or switch between signed-in account association and anonymous analytics, in Help & Updates.
  • Opt out of website analytics — you can use browser extensions or settings to opt out of Google Analytics on the website.

8. Children's Privacy

The Service is not intended for anyone under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page. We encourage you to review this policy periodically. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy or your data, contact us at legal@agent-one.dev.

Terms of ServiceHome