Core Agent Labs

Privacy Policy

Effective date: April 3, 2026 · Last updated: April 3, 2026

Core Agent Labs ("we," "us," or "our") operates the Core Agent Labs platform, a cloud-based service that enables organizations to build, deploy, and manage AI assistants powered by their own data. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our website, platform, APIs, and related services (collectively, the "Services").

By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you are using the Services on behalf of an organization, you represent that you are authorized to accept this policy on its behalf.

1. Information We Collect

Account Information

When you create an account or contact us, we may collect your name, email address, company name, job title, and billing information (processed by our payment provider).

Content and Inputs

When you use our Services, you may upload documents, knowledge base content, assistant configurations, system prompts, and queries to AI assistants. This content is processed to deliver the Services and remains under your control within your isolated tenant environment.

Usage Data

We collect information about how you interact with the Services, including features used, assistant interactions (metadata such as timestamps and token counts), and actions taken within the platform.

Automatic Data

When you access our Services, we automatically collect certain technical information, including your IP address, browser type and version, operating system, device identifiers, referring URLs, and pages visited.

2. How We Use Your Data

We use the information we collect to:

  • Provide and operate the Services — including processing your queries, retrieving relevant content from your knowledge bases, and generating AI assistant responses.
  • Maintain security and prevent abuse — including monitoring for unauthorized access, fraud, and violations of our terms.
  • Improve the platform — using aggregated, anonymized usage analytics to understand how our Services are used and identify areas for improvement.
  • Communicate with you — including sending service announcements, security alerts, and responding to your inquiries.
  • Comply with legal obligations — including responding to lawful requests and meeting regulatory requirements.

We do NOT use your content, uploaded documents, knowledge base data, or AI assistant interactions to train AI models. Your data is yours — it is never used to improve or fine-tune any machine learning models.

3. Data Sharing and Disclosure

We do not sell your personal information. We may share information in the following limited circumstances:

  • Service providers — We work with third-party providers (hosting, payment processing, analytics) who process data on our behalf under strict contractual obligations.
  • AI model providers — When your assistants generate responses, queries are sent to the AI model provider you have selected (e.g., Anthropic, OpenAI, Google). These providers process queries according to their own API data usage policies, which generally do not use API inputs for model training.
  • Legal requirements — We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business transfers — In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption — All data is encrypted at rest and in transit using TLS 1.2+.
  • Tenant isolation — Each organization's data is fully isolated. There is no cross-tenant access to knowledge bases, assistants, or content.
  • Role-based access control — Granular permissions at the assistant, knowledge base, and tool level.
  • Audit logging — Full audit trail of administrative actions for compliance and oversight.

While we strive to protect your information, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Services. When you delete your account, we will delete or anonymize your personal data within a reasonable period, unless we are required to retain it for legal or regulatory purposes.

You may request deletion of specific content or your entire account at any time by contacting us at [email protected].

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — Request a copy of the personal data we hold about you.
  • Rectification — Request correction of inaccurate or incomplete data.
  • Erasure — Request deletion of your personal data.
  • Portability — Request a machine-readable copy of your data.
  • Restriction — Request that we limit how we process your data.
  • Objection — Object to our processing of your data for certain purposes.
  • Withdraw consent — Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days, as required by applicable law.

If you are in the European Economic Area (EEA), you also have the right to lodge a complaint with your local data protection authority.

7. Cookies

We use cookies and similar technologies to operate and improve our Services:

  • Essential cookies — Required for authentication, security, and core functionality.
  • Analytics cookies — Help us understand how the Services are used so we can improve them.

We do not use advertising or tracking cookies. You can manage cookies through your browser settings, though disabling essential cookies may affect the functionality of the Services.

8. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

9. International Data Transfers

Your data may be processed in countries other than your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses approved by the European Commission or equivalent mechanisms.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a notice in the Services prior to the changes taking effect. Your continued use of the Services after the effective date constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: