AgentryAgentry

Privacy Policy

Effective Date: March 12, 2026

Last Updated: March 25, 2026

This Privacy Policy describes how Boiling Kettle Ltd ("Company", "we", "us", or "our") collects, uses, and protects your information when you use the Agentry platform, APIs, and related services ("Service").

1. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Password (stored in hashed form)
  • Organization name / slug
  • Billing information (processed by Stripe; we do not store full card numbers)

Usage Data

We automatically collect:

  • API request logs (endpoints called, timestamps, response codes)
  • Email sending and receiving metrics (counts, not content)
  • IP addresses used to access the Service
  • Browser and device information when accessing the web dashboard

Email Content

When you send or receive email through the Service:

  • Message headers (to, from, subject, timestamps)
  • Message body content (text and HTML)
  • Attachments

Email content is stored as necessary to provide the Service and is subject to your plan's retention period.

2. How We Use Your Information

We use collected information to:

  • Provide the Service: Process and deliver email, manage inboxes, trigger webhooks, and maintain your account.
  • Enforce our Terms: Monitor for spam, abuse, and prohibited uses as described in our Terms of Service.
  • Improve the Service: Analyze aggregate usage patterns to improve reliability, performance, and features.
  • Communicate with you: Send account-related notifications, security alerts, and service updates.
  • Process payments: Manage subscriptions and billing through our payment processor (Stripe).

3. How We Share Your Information

We do not sell your personal information. We may share information with:

  • Service providers: Third-party services that help us operate the Service, including:
    • Stripe for payment processing
    • Infrastructure providers for hosting, email transmission, storage, and related operations. Those providers run their own security, abuse-detection, and compliance programs; how they process data on our behalf is governed by our agreements with them and their published policies.
    • Supabase for database hosting and authentication
  • Legal requirements: When required by law, legal process, or government request.
  • Protection of rights: When necessary to protect our rights, safety, or property, or that of our users or the public.
  • Business transfers: In connection with a merger, acquisition, or sale of assets.

4. Data Retention

  • Account data is retained for the duration of your account and for a reasonable period after termination for legal and operational purposes.
  • Email content is retained according to your plan's message retention period (e.g., 7 days for Free, 90 days for Pro, 365 days for Enterprise). After the retention period, email content is automatically deleted.
  • Usage logs are retained for 90 days for operational purposes.
  • Billing records are retained as required by applicable tax and financial regulations.

5. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS) for all API and web traffic
  • Encryption at rest for stored data
  • Row-level security policies in our database to enforce tenant isolation
  • Hashed API keys (we never store your API key in plain text)
  • Regular security reviews of our infrastructure

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate personal data.
  • Delete your personal data (subject to legal retention requirements).
  • Export your data in a portable format.
  • Object to certain processing of your data.
  • Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at privacy@agentry.to.

7. Cookies

The web dashboard uses essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies.

8. International Data Transfers

Your data may be processed in countries other than your own, including New Zealand, the United States, and the European Union (where our infrastructure providers operate). We ensure appropriate safeguards are in place for international transfers.

9. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

11. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at: