LEGAL
Privacy Policy
Effective date: April 18, 2026 · Autonos Inc.
Autonos Inc. ("we", "us", or "our") operates Agents Memory (the "Service"). This Privacy Policy explains how we collect, use, store, and protect information when you use the Service — including information about you as a customer and information about your end users that you process through the Service. We are committed to privacy by design. We collect only what we need, retain it only as long as necessary, and never sell personal data.
We are committed to privacy by design. We collect only what we need, retain it only as long as necessary, and never sell personal data.
1. Who This Policy Applies To
This policy covers two categories of people:
Customers — developers, companies, and teams that create an account and use the Agents Memory API or dashboard.
End users — the users of your AI agents whose data is processed through the Service on your behalf. You act as the data controller for end user data; we act as the data processor.
2. Information We Collect
2a. Information you provide directly
Account information: name, email address, company name, billing details;
API keys and credentials you create;
Support messages and communications with our team.
2b. Memory Data (submitted via API)
When you call the Agents Memory API, you submit "Memory Data" — agent interaction logs, extracted facts, user profiles, and conversation context. This data belongs to you. We process it solely to provide the Service.
Memory Data may contain personal data about your end users. You are responsible for ensuring you have a lawful basis to submit that data and for providing your end users with appropriate privacy notices.
2c. Usage and technical data
API call logs (timestamps, endpoints called, response codes) — retained for 90 days;
Error logs and performance metrics — used for reliability and debugging;
IP addresses and user agent strings — used for security and fraud prevention;
Browser cookies and session tokens when using the dashboard.
3. How We Use Your Information
To provision, operate, and maintain the Service;
To authenticate you and secure your account;
To process payments and manage your subscription;
To send transactional emails (account alerts, invoices, security notices);
To respond to support requests;
To monitor and improve Service performance and reliability;
To detect and prevent abuse, fraud, or security threats;
To comply with legal obligations.
We do not use your Memory Data or your end users' data to train machine learning models without your explicit opt-in consent.
We do not send unsolicited marketing emails without your consent, and you can unsubscribe at any time.
4. Data Retention
You may request deletion of your Memory Data at any time. We will process deletion requests within 30 days. Note that deleted data cannot be recovered.
Memory Data: retained for the duration of your subscription. Upon account closure, retained for up to 90 days then permanently deleted.
Account information: retained for the duration of your account and for up to 3 years after closure for legal and billing purposes.
API call logs: retained for 90 days for debugging and security monitoring.
Billing records: retained for 7 years as required by tax and financial regulations.
5. Third-Party Processors
We share data with third-party sub-processors only to the extent necessary to provide the Service. Our current sub-processors include:
MongoDB Atlas
Long-term memory storage
US / EU
Redis Cloud
Session memory cache
US / EU
Stripe
Payment processing
US
AWS
Cloud infrastructure
US / EU
Resend
Transactional email delivery
US
Sentry
Error monitoring
US
All sub-processors are bound by data processing agreements. We do not sell your data to any third party.
6. International Data Transfers
Our infrastructure is primarily based in the United States. If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your data may be transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for such transfers, and all sub-processors are required to maintain equivalent safeguards.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
Access: request a copy of the personal data we hold about you;
Correction: request correction of inaccurate data;
Deletion: request deletion of your personal data;
Portability: receive your data in a machine-readable format;
Restriction: request that we limit processing of your data;
Objection: object to processing based on legitimate interests;
Opt-out of sale: we do not sell personal data; this right is always honored (CCPA).
To exercise any of these rights, email us at info@autonos.ai. We will respond within 30 days. We may need to verify your identity before processing your request.
If you are an EEA resident, you have the right to lodge a complaint with your local data protection authority.
8. Cookies and Tracking
The Agents Memory dashboard uses the following cookies:
Functional
session
Stores dashboard UI preferences
Strictly necessary
csrf
Prevents cross-site request forgery
Strictly necessary
preferences
Authenticates your dashboard session
We do not use advertising, analytics, or tracking cookies. The API itself does not set cookies on your end users' browsers.
9. Security
We implement industry-standard security measures including:
Encryption in transit (TLS 1.2+) and at rest (AES-256);
API key hashing — we never store raw API keys;
Role-based access control for internal systems;
Regular security reviews and dependency audits.
No system is perfectly secure. If you discover a security vulnerability, please report it responsibly to security@autonos.ai.
10. Children's Privacy
The Service is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at info@autonos.ai and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice at least 14 days before they take effect. The "Effective date" at the top of this page reflects the date of the last update. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related questions or to exercise your rights, contact our privacy team: