Privacy

Privacy Policy

Last updated: June 2026

Who we are

AgentSwarms ("we", "us") is an educational platform for Agentic AI. This policy explains what data we collect when you use agentswarms.fyi, how we use it, and how you can control it.

We adhere to the UAE Personal Data Protection Law (PDPL) — Federal Decree-Law No. 45 of 2021. You have the right to access, correct, port, restrict, or permanently delete your personal data, and to withdraw consent at any time.

What we collect

  • Account info: email address, display name, first/last name, avatar, role, designation, organization, and bio (only fields you provide).
  • Authentication data: hashed password or Google/Apple OAuth identifier, plus the session tokens needed to keep you signed in.
  • Project data: agents, swarm node graphs, knowledge bases, prompts, skills, chats, and any files you upload. Visible only to you unless you publish them to the community.
  • Usage data: traces of model calls (provider, tokens, latency, cost), gateway usage counters, and aggregated page analytics — used so you can monitor your own usage and so we can understand product use.
  • Contact form: if you write to us via /contact, we store your name, email, and message so we can reply.
  • Provider credentials: third-party API keys you choose to save are encrypted at rest.

Why we collect it (purposes)

  • Provide the service: save your session state, persist your agents/swarms/knowledge bases between visits, and route model calls.
  • Account & security: authenticate sign-ins, send password-reset and email-change confirmations, prevent abuse.
  • Transactional email: welcome message, contact-form replies, certificate delivery, budget alerts you opt into.
  • Product updates: occasional updates about new features (you can unsubscribe from any non-essential email at any time).
  • Product improvement: anonymous aggregate analytics — only after you opt in via the cookie banner.

Cookies & tracking

AgentSwarms uses only the strictly essential cookies required to keep you signed in (Supabase auth tokens) and to remember your theme. We do not place any advertising or cross-site tracking cookies.

Optional analytics (Google Analytics / Google Tag Manager) only load after you click "Accept all" in our cookie banner. If you decline, no analytics scripts are loaded and no analytics cookies are set. You can clear your choice from your browser's site data at any time to be re-prompted.

How long we keep your data (retention)

  • Account & project data: retained for as long as your account exists. When you delete your account from account settings, all linked records (profile, agents, swarms, knowledge bases, chats, traces, credentials) are permanently removed immediately via database cascade.
  • Execution traces & observability data: automatically purged after 30 days.
  • Contact form submissions: kept for up to 24 months for support follow-ups, then deleted.
  • Email suppression list: kept indefinitely so we honour unsubscribes and bounces.
  • Backups: rolling encrypted backups are retained for up to 30 days and then overwritten.

Security & hosting location

AgentSwarms is hosted in the European Union. Application servers, the primary database, file storage, and encrypted backups are all located in EU data centres, so your personal data stays within the EU/EEA at rest. All user data is protected by row-level security at the database layer — meaning queries can only return rows the requesting user owns. Provider API keys you enter are encrypted at rest. We use industry-standard TLS for all traffic, and our infrastructure providers operate under SOC 2 Type II, ISO/IEC 27001, and GDPR compliance frameworks.

Third-party AI providers

When you run an agent, your prompts are sent to the AI provider you've selected (e.g. OpenAI, Anthropic, Google). Their policies apply to that data. We never log raw prompt content beyond what's shown in your own trace inspector.

Your rights under UAE PDPL

You may request access, correction, transfer, restriction, or deletion of your personal data, and withdraw consent at any time. Most rights can be exercised directly from your account settings; for anything else, contact us below. Account deletion is permanent and immediate.

Contact

Questions about this policy or a PDPL data request? Use the contact form and we'll respond within 1–2 business days.