Privacy Policy
Effective date: June 29, 2026
agentmem ("we", "us", "the Platform") respects and protects your privacy. This Policy explains how we collect, use, store, share, and protect your information while providing our coding-agent session cloud-storage service, as well as the rights you may exercise. Please read and understand this Policy carefully before using the Platform.
1. Introduction and Scope
The Platform is a commercial SaaS service for teams. It automatically captures sessions from coding AI agents such as Claude Code, Codex, Cursor, OpenCode, and Gemini, and provides cloud archiving, full-text search, replay, team collaboration, cost metering, and governance & compliance capabilities.
This Policy applies to all use of the Platform through the website agentmem.cloud, the client-side collection program, and related APIs. The Platform is used by organizations and teams; some information may be administered by your organization (tenant) acting as the data controller. In such cases, requests to exercise your rights may need to be submitted through your organization.
2. Information We Collect
2.1 Account Information
When you register, sign in, or are added to a team, we collect your account, name, phone number, and email address, together with account-management information such as the organization/tenant you belong to and your role permissions.
2.2 Captured Session Data
The core function of the Platform is to capture coding-session records. Once you (or your organization) enable collection, we collect the full session content, including:
- User messages and assistant replies;
- The occurrence of reasoning (thinking) and its token counts (the reasoning body is not exposed by default);
- Tool calls (tool_call) and tool results (tool_result);
- Code snippets and file paths involved in the session;
- The model used, token usage, project paths, and timestamps.
Please note: session content is generated by your actual interactions with the agent and may contain personal information, trade secrets, or other sensitive information. See Section 4 for redaction and input guidance.
2.3 Automatically Collected Information
When you access the website or use the service, we automatically collect your IP address, device and browser information, and your operation and access audit logs, used for security protection, troubleshooting, and compliance auditing.
2.4 Payment Information
When you purchase a paid plan, payments are processed through third-party payment channels. We may retain order, plan, and invoicing information, but we do not store your full bank card number or similar sensitive payment credentials.
3. How We Use Information
- To provide, maintain, and improve core features such as session capture, archiving, search, replay, collaboration, metering, and governance;
- For account management, authentication, access control, and multi-tenant isolation;
- To meter usage and token cost, and to process subscriptions, renewals, and invoicing;
- To secure the service, including diagnostics, abuse prevention, and operation auditing;
- To contact you regarding service changes, security incidents, or necessary notices;
- To comply with obligations under applicable laws and regulations.
If we need to use your information for purposes beyond those above, we will obtain your separate consent.
4. Client-Side Redaction and Notice
Before any data is uploaded, the client-side collector redacts common sensitive items (such as secrets, tokens, connection-string passwords, JWTs, ID numbers, phone numbers, and email addresses) on your local machine; the server also maintains a redaction-rule center as a second layer of protection.
This redaction is "best-effort" and not a guarantee. Because session content varies widely, automated rules may fail to identify all sensitive information. Therefore, do not enter content into sessions that you do not want to be collected (including but not limited to production secrets, personal privacy, and un-redacted trade secrets). For content you deliberately enter and that is captured, please assess its sensitivity carefully.
5. Storage of Information
Session and account data are stored in cloud PostgreSQL databases and object storage (OSS). The Platform uses a dual-region physical-isolation architecture: the overseas region runs on AWS and the Chinese mainland region runs on Alibaba Cloud. Data in the two regions is stored independently and is not synchronized across borders. The storage region for your data depends on the service region chosen by your organization.
Retention period: we retain your information for as long as necessary to fulfill the purposes described in this Policy and as required by applicable laws and regulations. We provide a recycle-bin mechanism to recover accidental deletions; when you or your organization deletes data, or after account closure, the relevant data enters a deletion process in accordance with our data-retention policy. Where legal obligations or dispute handling apply, relevant data may be subject to a lawful legal hold until the basis for retention no longer exists.
6. Sharing and Entrusted Processing
We do not sell your personal information to any third party. We share or entrust the processing of information only in the following cases:
- Cloud providers: to provide infrastructure, we entrust data storage and computation to Alibaba Cloud (Chinese mainland region) and AWS (overseas region).
- Payment channels: to complete transactions, order and payment-related information is provided to third-party payment processors.
- Legal requirements: we may disclose information as required by laws and regulations or by lawful requests from judicial or administrative authorities.
We bind processors by agreement to handle information in accordance with this Policy and applicable law, and to apply appropriate security measures.
7. Cookies and Similar Technologies
We use cookies, local storage, and similar technologies to maintain your login session, remember your preferences (such as interface theme), and ensure security. You can manage or clear cookies through your browser settings, but some features may then not work properly. We do not use cookies for cross-site advertising tracking.
8. Data Security Measures
- Transport encryption: the entire site uses HTTPS for encrypted transmission;
- Signed authentication: collection and API calls use HMAC signature authentication;
- Multi-tenant isolation: row-level isolation ensures different tenants' data is mutually invisible;
- Access control: fine-grained ACL-based permission control;
- Audit trail: access and operation audit logs are recorded for key actions.
Although we adopt these reasonable security measures, please understand that no system can guarantee absolute security. In the event of a data-security incident, we will take remedial measures and provide notifications as required by law.
9. Your Rights
To the extent permitted by applicable law, you have the following rights over your own information:
- Access and rectification: view and correct your account and related information;
- Export: obtain a copy of your session data in a readable format;
- Deletion: delete specific sessions or data;
- Withdraw consent: stop collection or withdraw consent previously granted;
- Account closure: close your account and delete associated personal information.
You may exercise these rights through the corresponding features in the product, or by contacting us using the details in Section 13. Where the relevant data is controlled by your organization (tenant), we may need to coordinate with that organization to handle your request. We will respond within a reasonable period after verifying your identity.
10. International Users / GDPR
If you are located in the European Economic Area (EEA), the United Kingdom, or other regions with similar data-protection laws, the following additional terms apply:
- Data controller: for the overseas region, the operating entity identified in Section 13 acts as the controller of your personal data. Where you use the Platform through your organization, that organization is generally the controller and we act as a processor on its instructions.
- Legal basis: we process personal data on the bases of (i) performance of a contract, (ii) your consent, (iii) our legitimate interests (such as service security and improvement), and (iv) compliance with legal obligations.
- Data subject rights: you have the rights of access, rectification, erasure, data portability, restriction of processing, and objection, and the right to withdraw consent at any time without affecting prior lawful processing.
- International transfers: for the overseas region, data is stored on AWS and is not synchronized to the Chinese mainland region. Where personal data is transferred outside the EEA/UK, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (SCCs) or equivalent mechanisms.
- Right to complain: you have the right to lodge a complaint with your local supervisory authority (for example, your national Data Protection Authority) if you believe our processing infringes applicable law.
11. Protection of Minors
The Platform is a tool for enterprises and development teams. It is not directed to minors and we do not knowingly collect personal information from minors. If you are a minor, please use the service under the guidance of a guardian; if we discover that we have inadvertently collected a minor's information, we will delete it as soon as possible.
12. Updates to This Policy
We may update this Policy from time to time. When we do, we will publish the new version on this page and update the "Effective date". For material changes, we will provide additional notice through appropriate means (such as in-product notices or email). Your continued use of the service after the changes take effect constitutes acceptance of the updated Policy.
13. How to Contact Us
If you have any questions, comments, or complaints about this Policy or our processing of personal information, please contact us:
- Operating entity: [Full legal name of operating entity, to be completed] (unified social credit code and registered address to be completed)
- Email: hello@agentmem.cloud
- Website: agentmem.cloud
We will verify and handle your request as soon as possible after receiving it.