Privacy Policy

Effective Date: June 1, 2026

At VaultStack AI Private Limited ("VaultStack AI", "we", "us", or "our"), your privacy is our top priority. This Privacy Policy governs how we collect, use, and protect your information when you use our AgenticOcean platform, website (agenticocean.app), and related enterprise services.

1. Zero Data Retention Policy for Enterprise Data

We understand that enterprise data is your most valuable asset. AgenticOcean operates on a strict Zero Data Retention policy regarding the data processed by your autonomous agents through our APIs and external LLM providers.

• We do not use your proprietary business data to train our foundational models.
• Prompts, inputs, and outputs processed via AgenticOcean's orchestration layer are ephemeral unless you explicitly opt-in to logging for debugging purposes.
• If you deploy AgenticOcean on-premise or within your own VPC, VaultStack AI has absolutely zero access to your data or workflows.

2. Information We Collect

While we don't retain processing data, we do collect necessary account information to provide our services:

• Account Information: Name, work email address, company name, billing details, and phone number when you register for an account.
• Usage Data: Telemetry data related to API calls, compute usage (NVIDIA GPU hours), and dashboard interactions to ensure billing accuracy and system health.
• Cookies and Tracking: Essential cookies required for authentication and security. We do not use third-party advertising trackers on the AgenticOcean enterprise dashboard.

3. How We Use Your Information

The information we collect is used strictly for the following purposes:

• To provision, maintain, and secure your AgenticOcean environment.
• To process payments and generate enterprise billing reports.
• To communicate critical security updates, platform maintenance windows, and technical support responses.
• To prevent fraud, abuse, and security vulnerabilities.

4. Data Sharing and Third-Party Subprocessors

We do not sell your personal data. We only share information with trusted infrastructure partners (Subprocessors) necessary to run AgenticOcean. This includes:

• Cloud Providers: Such as AWS (as part of the AWS Startup Showcase architecture) and NVIDIA Cloud services for GPU compute.
• Payment Processors: Secure PCI-compliant gateways like Stripe to handle billing.
• Identity Providers: For secure SSO and multi-factor authentication routing.

All Subprocessors are bound by strict Data Processing Agreements (DPAs) that mandate SOC2 equivalent security measures.

5. Security Measures

AgenticOcean is built with enterprise-grade security from day one. We employ AES-256 encryption at rest and TLS 1.3 in transit. Our infrastructure undergoes regular penetration testing, and we implement strict Role-Based Access Control (RBAC) both internally and within your customer dashboard.

6. Your Rights (GDPR & CCPA)

Depending on your jurisdiction, you have the right to:

• Request access to the personal data we hold about you.
• Request deletion of your account and associated personal data ("Right to be Forgotten").
• Export your data in a portable, machine-readable format.
• Opt-out of non-essential marketing communications.

7. Contact Us

If you have any questions about this Privacy Policy or need to execute a Data Processing Agreement (DPA) for your enterprise, please contact our Data Protection Officer at: