AgentBrain
DE EN

Privacy Policy

For agentbrain.ch — compliant with the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR).

This Privacy Policy explains how AgentBrain ("we", "us") collects, processes, and protects your personal data when you use AgentBrain (agentbrain.ch and related services).

We comply with the Swiss Federal Act on Data Protection (FADP) and, where applicable, with the EU General Data Protection Regulation (GDPR).

1. Data Controller

Theshoth Sritharan
AgentBrain
6072 Sachseln
Switzerland
Email: hello@agentbrain.ch

2. Data We Collect

2.1 Account data

When you register, we collect your email address and an encrypted password. When you sign in via third parties (e.g. Google, Apple), we receive your name and email address from that provider.

2.2 Conversations, memories, and Brain content

When you interact with AgentBrain — through chat, MCP surface, or API — your messages are processed and stored as memories in your personal workspace, so that AgentBrain can recall context in future interactions. Memories are scoped to your workspace and not accessible to other users.

2.3 API keys and OAuth tokens

For authentication against the AgentBrain MCP surface, we issue API keys or OAuth client credentials. These are stored hashed in our database. Plaintext secrets are shown only once at creation time and cannot be retrieved afterwards.

2.4 Usage data

We automatically collect technical data such as IP address, browser type, device type, and access timestamp. This data is used for security, audit trail obligations, and service improvement.

3. Purpose of Processing

We process your data for the following purposes:

4. Third Parties and Data Transfers

4.1 Supabase (authentication and database)

We use Supabase for user management and data storage. Supabase processes your account data in EU data centers (Frankfurt). Privacy policy: supabase.com/privacy.

4.2 OpenRouter and AI model providers

Chat messages are routed via OpenRouter or directly to the AI model you select (e.g. Anthropic Claude, OpenAI GPT, Google Gemini). Processing happens on the respective model provider's servers. We do not send personal account data to model providers — only the chat content.

4.3 Hetzner (Brain backend hosting)

Our Brain API and MCP server run on Hetzner dedicated servers in Helsinki (Finland) and Nuremberg (Germany). Hetzner processes technical access data. Privacy policy: hetzner.com/legal/privacy-policy.

4.4 Vercel (frontend hosting)

The website agentbrain.ch is hosted via Vercel. Vercel processes technical access data (IP address, browser information). Privacy policy: vercel.com/legal/privacy-policy.

5. Data Retention and Deletion

Your account data and memories are retained while your account is active. You can delete your account at any time. Upon deletion, all your data — including all stored memories, API keys, and OAuth clients — is permanently deleted within 30 days.

6. Your Rights

You have the following rights regarding your personal data:

To exercise your rights, contact us at hello@agentbrain.ch.

7. Cookies

AgentBrain uses only strictly necessary cookies for authentication and session management. We do not use tracking cookies or advertising cookies. There is no third-party tracking.

8. Data Security

We take appropriate technical and organizational measures to protect your data. Transmission is encrypted (TLS 1.3). Passwords are stored hashed with bcrypt. API keys and OAuth client secrets are also stored hashed. Access to your memories is protected by workspace isolation (row-level security) and API-key or OAuth-token authentication.

9. Changes

We may update this Privacy Policy at any time. For material changes, we will notify you by email or via an in-app notice.

Last updated: 3 June 2026