Privacy Policy
Last updated: April 2026
Introduction
CrypticAgent LLC operates crypticagent.io and is committed to protecting user privacy. This policy explains what data we collect, how we use it, and the rights you have over your data. This policy applies to all users worldwide including those in the European Union, United Kingdom, California, and other jurisdictions with specific privacy laws.
Data We Collect
Personal Information
- Name and email address provided during registration.
- Company name and domain.
- Billing information processed and stored by Stripe. CrypticAgent never stores full credit card numbers.
- Phone number if provided for support.
- Profile preferences and settings.
Business and Security Data
- Names and metadata of connected integrations.
- Non-human identity inventory data. names, types, risk scores, and activity logs.
- AI agent names, owners, and behavioral data.
- Alert and incident history.
- Compliance scores and audit logs.
- Support ticket content and communications.
Technical Data
- IP address and approximate location.
- Browser type and version.
- Device information.
- Pages visited and features used within the app.
- Login timestamps and session data.
- Error logs for debugging purposes.
Data We Do NOT Collect
- Actual credential values, passwords, or secret keys. only metadata.
- Personal data of your customers or end users.
- Financial transaction data beyond what is necessary for billing.
How We Use Your Data
- To provide and maintain the CrypticAgent service.
- To process payments and manage subscriptions.
- To send critical security alerts and notifications.
- To provide customer support and respond to inquiries.
- To improve the platform based on usage patterns.
- To send product updates and important announcements.
- To comply with legal obligations.
- To detect and prevent fraud and abuse.
- To generate anonymized and aggregated industry insights. never linked to individual users.
Data Sharing
We do not sell your personal data. We share data only with:
- Stripe for payment processing.
- Supabase for secure data storage and authentication.
- Email service providers for transactional emails only.
- Law enforcement when legally required with valid legal process.
- Successor entities in the event of a merger or acquisition with user notification.
Data Retention
- Account data is retained while your account is active.
- After account deletion data is removed within 30 days.
- Billing records are retained for 7 years as required by law.
- Security logs may be retained for up to 2 years for fraud prevention.
- Support tickets are retained for 3 years.
Data Security
- All data is encrypted in transit using TLS 1.2 or higher.
- All data is encrypted at rest using AES-256 encryption.
- Access to user data is restricted to authorized personnel only.
- We conduct regular security reviews and penetration testing.
- In the event of a data breach we will notify affected users within 72 hours.
User Rights
All users have the right to:
- Access. request a copy of all personal data we hold about you.
- Correction. request correction of inaccurate data.
- Deletion. request deletion of your account and all associated data.
- Portability. export your data in a machine readable format.
- Objection. object to certain types of data processing.
- Restriction. request we limit how we process your data.
To exercise any of these rights contact us at contact@crypticagent.io and we will respond within 30 days.
GDPR Compliance (European Users)
- CrypticAgent processes EU user data under the legal basis of contract performance and legitimate interests.
- EU users have additional rights under GDPR including the right to lodge a complaint with a supervisory authority.
- Data transfers from the EU to the US are conducted under Standard Contractual Clauses.
- Our Data Protection contact is contact@crypticagent.io.
CCPA Compliance (California Users)
- California residents have the right to know what personal information is collected.
- California residents have the right to request deletion of personal information.
- California residents have the right to opt out of the sale of personal information. we do not sell personal information.
- To exercise CCPA rights contact contact@crypticagent.io.
Cookies and Tracking
- CrypticAgent uses essential cookies required for the service to function.
- We use analytics cookies to understand how users interact with the platform. these can be disabled.
- We do not use advertising or tracking cookies.
- Users can manage cookie preferences through the cookie consent banner.
Children's Privacy
- CrypticAgent is not directed at children under 18 years of age.
- We do not knowingly collect personal information from children.
- If we become aware that a child has provided personal information we will delete it immediately.
Third Party Links
- The CrypticAgent platform may contain links to third party websites.
- We are not responsible for the privacy practices of third party sites.
- Users should review the privacy policies of any third party sites they visit.
Data Breach Response and Limitations
While CrypticAgent LLC implements industry-standard security measures to protect your data, no system can guarantee absolute security. In the event of a data breach affecting your data stored within the Service, CrypticAgent LLC will notify affected users in accordance with applicable law but cannot be held liable for damages resulting from such breach beyond the limitations set forth in the Terms of Service.
You acknowledge that transmission of data over the internet is never completely secure. You are responsible for maintaining the confidentiality of your login credentials and for all activity that occurs under your account.
AI Assistant and Automated Recommendations
The CrypticAgent AI Security Assistant uses artificial intelligence to generate responses and recommendations. AI-generated content may contain errors, may not reflect the most current information, and should not be relied upon as definitive professional advice. You are responsible for evaluating and verifying any recommendations before taking action based on them.
Changes to This Policy
- We may update this Privacy Policy from time to time.
- Material changes will be communicated via email 30 days in advance.
- Continued use of the service after changes constitutes acceptance.
Contact
Privacy questions: contact@crypticagent.io
Mailing address: CrypticAgent LLC, Georgia, United States
Important disclaimers
No Professional Advice CrypticAgent is a software tool, not a professional service. The Service and any content, recommendations, analyses, risk scores, or suggestions generated by the Service, including those generated by the AI Security Assistant, are for informational purposes only and do not constitute professional cybersecurity consulting, legal advice, compliance certification, financial advice, or any other form of professional services. For licensed professional services, engage qualified third-party professionals.
No Guarantee of Specific Outcomes CrypticAgent makes no guarantees about specific outcomes from using the Service. This includes but is not limited to guarantees of achieving compliance certification, passing audits, preventing breaches, reducing security costs, or any other specific business outcome. Individual results depend on many factors outside of CrypticAgent's control including your implementation, environment, and ongoing security practices.
Informational only. CrypticAgent compliance scores and reports are informational tools designed to help you track your progress toward various compliance frameworks. They are not official certifications and do not constitute legal compliance or audit certification. For official compliance certification such as SOC 2 Type II, ISO 27001, or HIPAA attestation you must engage a qualified third-party auditor. CrypticAgent LLC is not a certified auditor.