AgntUX

AgntUX Privacy Policy

Effective Date: May 28, 2026 Last Updated: May 28, 2026 Version: 1.0 Entity: AgntUX, LLC, a Delaware limited liability company ("AgntUX," "we," "us," or "our")

1. Introduction

AgntUX is a knowledge-work assistant that works alongside your AI client (such as Claude). Open-source AgntUX plugins read information from the work tools you connect — for example Slack, Gmail, Jira, your calendar, HubSpot, or Notion — and organize it into an AgntUX workspace: a set of entities, action items, and notes that help you see what needs your attention and draft your next step.

This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the choices and rights you have. It applies to:

  • the AgntUX websites at agntux.ai and related properties;
  • the AgntUX desktop application;
  • the AgntUX cloud service at app.agntux.ai, including our hosted sync service and our remote Model Context Protocol ("MCP") server; and
  • the AgntUX plugin marketplace and contribution tools.

It applies to both our free (personal) plan and our paid Teams plan. The most important thing to understand is in Section 3: to deliver your action items to your AI client, the AgntUX desktop app uploads your AgntUX workspace to our cloud, where it is encrypted and served back to you. This is true on the free plan as well as on Teams.

This Privacy Policy is incorporated by reference into the AgntUX Terms of Service and, for Teams customers, the AgntUX Data Processing Addendum ("DPA").

2. A Quick Summary

  • We host your AgntUX workspace. On every plan, the desktop app syncs your workspace (your entities, action items, notes, and the source-derived content your plugins produce) to AgntUX's cloud on Amazon Web Services. It is encrypted at rest and served back to your AI client through our MCP server.
  • Your workspace can contain personal data about you and about other people (for example, the senders of emails or Slack messages your plugins read). You are responsible for ensuring you are permitted to bring that data into AgntUX.
  • We do not receive your source-account passwords or access tokens. Plugins sign in to your connected tools on your own device. Our servers store only a hashed reference to a sync token for revocation — never your Slack/Gmail/etc. credentials.
  • We do not sell your personal data, and we do not use your workspace content to train AI foundation models.
  • You can delete your data. Removing files from your workspace removes them from our cloud; closing your account deletes your workspace, subject to short backup and security-log retention.

3. How Your Data Flows

Understanding the data flow is the clearest way to understand this policy.

3.1 On your device

You install AgntUX plugins and connect your work tools (Slack, Gmail, etc.). The plugins authenticate to those tools on your device using credentials you provide there. The plugins read information from those tools and write it into your AgntUX workspace folder on your computer as entities, action items, and notes.

3.2 Sync to the AgntUX cloud

The AgntUX desktop app runs a background sync process. It watches your AgntUX workspace folder and uploads its contents to AgntUX's cloud:

  • file contents are stored as encrypted, content-addressed objects in Amazon S3 (encrypted at rest with AWS KMS); and
  • file metadata (paths, version history, sizes, and which device wrote them) is stored in our PostgreSQL database.

This sync runs on the free plan as well as the Teams plan. The desktop app does not upload your operating-system files generally — only your AgntUX workspace folder, excluding internal/config files (the .agntux/ directory), version-control metadata, and dependency folders.

3.3 Serving your data back (the remote MCP server)

So your AI client can show you your action items and let you act on them, AgntUX runs a remote MCP server. When you (or your AI client on your behalf) connect to it and authorize access, the MCP server reads your workspace back out of our cloud and exposes it to your AI client through the plugins you have installed. Access is scoped to your own containers (and any team containers you belong to on Teams).

3.4 What stays on your device

  • Your connected-source credentials and access tokens (e.g., your Slack or Gmail OAuth tokens). We never receive these. For revocation purposes our servers store only a one-way hash of a sync/refresh token, not the token itself.
  • The internal .agntux/ configuration directory.

4. Our Roles Under Data-Protection Law

AgntUX's role depends on the data:

  • Account, billing, website, support, and analytics data — AgntUX is the controller. We determine how and why this data is processed.
  • Your personal workspace (free or Teams personal container) — we process your workspace content to provide the service to you, in accordance with this Policy and your instructions.
  • Team and leader-view workspaces on Teams — the organization (your employer or the account owner) is the controller, and AgntUX acts as a processor on its behalf under the DPA. The organization decides what data is brought into shared team workspaces.

Where AgntUX acts as a processor, we process data on documented instructions, and data-subject requests are directed to the controlling organization.

5. Categories of Personal Data We Process

5.1 Account and identity data

Email address, display name, organization name and membership, role, authentication metadata, and device identifiers/fingerprints used for license and sync tokens.

5.2 Billing data (Teams)

For paid plans, our payment processor (Stripe) processes your payment details. We store only your Stripe customer and subscription identifiers, plan, seat count, trial/period dates, and payment status. We do not store full card numbers.

5.3 Your AgntUX workspace content

The entities, action items, notes, profile, and other files in your AgntUX workspace, including content your plugins derive from the work tools you connect. This content may contain personal data about you and about third parties (for example, names, email addresses, and message content of people you communicate with). See Section 6.

5.4 Sync and service metadata

File paths, content hashes, version history, byte sizes, the device that wrote each change, sync cursors, sync container identifiers, and license/sync token records.

5.5 Connected-source connection data

The identity of the sources you connect and connection status. We do not store the source credentials or access tokens themselves (Section 3.4).

5.6 Support and communications data

When you contact support or use the in-product feedback widget (Gleap), we process your messages, contact details, and basic diagnostic context.

5.7 Website, device, and usage data

IP address, browser/device type, pages viewed, referring URL, and UTM campaign parameters; plus product-analytics events (via PostHog) and onboarding events. Where we record an email for analytics we reduce it to the domain only. The desktop app's auto-updater periodically (about every six hours) checks our update endpoint, which receives your platform and current version.

6. Third-Party Personal Data in Your Workspace

Because plugins read from tools like email and chat, your workspace will often contain personal data about other people who are not AgntUX users. When you bring that data into AgntUX:

  • you confirm that you are permitted to access and process it (for example, under your employer's policies and the connected service's terms); and
  • where you are acting on behalf of an organization, that organization is the controller of that data and AgntUX is its processor.

We process this third-party data only to provide the AgntUX service to you or your organization, and we apply the same security and retention practices described in this Policy. If you are an individual whose data appears in someone's AgntUX workspace and you wish to exercise rights, please contact the relevant AgntUX user or organization, or reach us at privacy@agntux.ai and we will route your request appropriately.

7. How We Use Personal Data

We use personal data to:

  1. Provide the service — store and sync your workspace, run the remote MCP server, mint license and sync tokens, and operate the desktop and web apps.
  2. Operate accounts and billing — create and manage accounts and organizations, and (for Teams) process subscriptions and reconcile seats.
  3. Secure the service — authenticate devices, detect and prevent abuse and unauthorized access, and maintain integrity.
  4. Support you — answer questions and troubleshoot.
  5. Improve the service — analyze de-identified or aggregated usage to improve features and performance.
  6. Communicate — send service, security, and (with your consent where required) product messages.
  7. Comply with law — meet legal obligations and respond to lawful requests.

We do not use your workspace content to train AI foundation models, and we do not sell personal data.

8. Legal Bases (EEA/UK)

Where the GDPR or UK GDPR applies, we rely on: performance of a contract (providing the service and billing); legitimate interests (securing and improving the service, and operating our business), balanced against your rights; consent (where required, such as certain analytics or marketing); and legal obligation. For Teams shared workspaces, the controlling organization is responsible for the lawful basis of the data it brings in.

9. How AI Processing Works

AgntUX helps your AI client reason over your workspace. When you use AgntUX:

  • our remote MCP server exposes your workspace to your AI client (such as Claude) so it can read your action items and use the plugins you installed; and
  • your AI client sends prompts and data to its model provider (for Claude, that is Anthropic) under your own agreement with that provider. AgntUX does not control that provider's processing.

AI-generated output can be inaccurate or incomplete and should be reviewed. We may perform limited human review for safety and abuse prevention. We do not use your private workspace content to train foundation models.

10. How We Share Personal Data

We share personal data only as described here. We use the following categories of service providers (subprocessors), each bound by contract to protect the data:

ProviderPurpose
Amazon Web Services (S3, KMS)Encrypted storage of workspace content
Supabase / PostgreSQLAuthentication and metadata database
StripePayment processing (Teams)
AnthropicYour AI client's model provider (under your own agreement)
GitHubHosting the public plugin marketplace and contributions
GleapIn-product support and feedback
PostHogProduct analytics

We may also disclose personal data: to professional advisors; in connection with a merger, acquisition, financing, or sale of assets (subject to this Policy); and to comply with law, legal process, or lawful governmental requests, or to protect rights, safety, and the integrity of the service. We do not sell personal data and do not share it for cross-context behavioral advertising.

A current subprocessor list for Teams customers is maintained in the DPA.

11. Storage, Encryption, and Access Controls

  • Workspace content is stored as content-addressed objects in Amazon S3, encrypted at rest with AWS KMS, and is retrieved using short-lived presigned URLs.
  • Metadata is stored in our PostgreSQL database.
  • Access to a given workspace container is restricted to the owning user and, for Teams containers, the members of that team; our MCP server and sync APIs enforce this on every request.
  • We use encryption in transit, scoped access tokens (short-lived JWTs bound to your device), audit logging, and monitoring.

No method of storage or transmission is perfectly secure, and we cannot guarantee absolute security.

12. International Transfers

AgntUX is based in the United States and processes data there. Where we transfer personal data from the EEA, UK, or Switzerland, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses and the UK Addendum. Further detail is provided in the DPA.

13. Data Retention and Deletion

  • Workspace content is retained while it exists in your workspace. When you delete a file, the active pointer is removed and the underlying object is garbage-collected once it is no longer referenced. When you close your account or leave an organization, your relevant workspace data is deleted, subject to short routine backup retention and security-log preservation.
  • Account and billing records are retained as long as needed for the relationship and for legal, tax, and accounting obligations.
  • Analytics and logs are retained for limited periods consistent with their purpose.

You can request deletion as described in Section 14.

14. Your Privacy Rights

Depending on where you live, you may have rights to access, correct, delete, port, restrict, or object to the processing of your personal data, and to withdraw consent.

  • EEA/UK/Switzerland: the rights above under the GDPR/UK GDPR.
  • California (CCPA/CPRA) and other U.S. state laws: the rights to know, access, delete, and correct, and to opt out of sale/share and certain profiling. We do not sell personal data or engage in cross-context behavioral advertising. We will not discriminate against you for exercising your rights.

To exercise rights, email privacy@agntux.ai. We may need to verify your identity. Where AgntUX acts as a processor for an organization (Teams shared workspaces), we will refer your request to that organization.

15. Cookies and Tracking

Our website uses strictly necessary cookies and limited analytics. We use the Gleap feedback widget (which may set cookies) and lightweight analytics that record page views, referrer, and UTM parameters. We do not use third-party advertising cookies. You can control cookies through your browser; disabling some cookies may affect functionality.

16. Plugin Marketplace and Contributors

AgntUX plugins are open source (Apache License 2.0). If you contribute a plugin to the public marketplace (for example, using the agntux-build tool), you sign off under the Developer Certificate of Origin, and your name and email address become part of the public record in commit history and in a contribution-signature file that travels with your plugin. If you choose to provide social handles for credit, you consent to their public use as described at submission time. Do not submit personal data of others in a plugin contribution.

17. Desktop Application Disclosures

The AgntUX desktop app:

  • runs a background sync process that uploads your AgntUX workspace to our cloud as described in Section 3;
  • checks for updates automatically (roughly every six hours and on launch), sending your platform and version to our update endpoint; and
  • writes local logs to your machine for diagnostics.

18. Children's Privacy

The Services are intended for users 18 and older. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us personal data, contact privacy@agntux.ai and we will delete it.

19. Changes to This Policy

We may update this Policy from time to time. We will post the updated version with a new effective date and, for material changes, provide additional notice (such as in-product or email notice) where required by law. Your continued use of the Services after an update means you accept the revised Policy.

20. Contact Us

AgntUX, LLC Attn: Privacy Email: privacy@agntux.ai

If you are in the EEA or UK and have an unresolved concern, you may also have the right to lodge a complaint with your local supervisory authority.