Privacy Policy

Alpha Speed Consulting, LLC ("Company," "we," "us," or "our") operates the AgentVault SaaS platform, consulting services, and associated digital properties including social media accounts on platforms such as TikTok, Instagram, LinkedIn, YouTube, and our website (collectively, the "Services").

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you interact with our Services. By using our Services, you consent to the practices described in this policy.

We collect information in the following ways:

A. Information You Provide Directly

• Account Information: Email address and subscription tier when you register for AgentVault. If you engage consulting services, we may also collect your name, company name, and contact details.
• Payment Information: Billing address and payment card details (processed securely through Stripe; we do not store full card numbers).
• Consulting Inquiries: Information you provide when requesting or engaging consulting services, including project details, business information, and communications.
• Communications: Content of emails, support tickets, feedback, or messages you send to us.
• Social Media Interactions: Comments, direct messages, or other interactions you have with our accounts on TikTok and other platforms.

B. Information Collected Automatically (Server-Side)

• Website Analytics: Event data including page paths, navigation patterns, UTM campaign parameters, scroll depth, CTA interactions, and referring URLs. Analytics events are temporarily cached in your browser's local storage before being synced to our servers.
• IP Addresses: IP addresses are processed by Google Analytics (with IP anonymization enabled) and by Meta Pixel and TikTok Pixel if you have consented to marketing cookies. We do not store IP addresses directly in our own systems.
• Tool Usage Logs: When you use AgentVault, we log the tool name and timestamp of each tool invocation linked to your license key. This is used for rate limiting, abuse detection, and billing dispute resolution. Retained for 12 months on a rolling basis.
• Machine Fingerprint: Each license validation request transmits a one-way hash (SHA-256, first 16 characters) derived from your machine's hostname, CPU architecture, and operating system. This fingerprint is not stored on our servers — it is used only to verify token integrity for offline fallback.
• Cookies & Tracking: Cookies, web beacons, and similar technologies (see Section 7).

C. Local Data Stored on Your Machine (AgentVault SDK)

The AgentVault SDK stores data locally on your machine under ~/.agentvault/. This data never leaves your device unless you explicitly share it. You are in control of this data.

• License & Token Files: ~/.agentvault/config.json (your license key), ~/.agentvault/token.jwt (a 24-hour session token for offline validation), and ~/.agentvault/license_cache.json (cached manifest). These are auto-managed by the SDK.
• Governance Audit Chain: ~/.agentvault/data/governance/audit_chain.jsonl — a tamper-evident, hash-chained log of every agent tool invocation, including tool name, agent, and a short curated action preview (max 120 characters). Full payloads are never stored. This log is retained indefinitely on your local machine to preserve audit chain integrity; it cannot be selectively deleted without breaking the chain.
• Agent Memory: ~/.agentvault/data/memory/ — content you provide to agents is stored locally as persistent memory. This is user-controlled and can be cleared at any time using the memory_forget MCP tool.
• Workflow Run Records: ~/.agentvault/data/workflows/runs/ — workflow execution history retained locally for 90 days, then automatically purged.
• Gmail Analysis Data: If you use the Gmail integration, inbox analysis results (sender statistics, deletion patterns) are cached locally at ~/.agentvault/data/gmail/ for 30 days, then automatically purged.

D. Information from Third Parties

• Business contact data from lead generation and marketing platforms.
• Analytics data from social media platforms (e.g., TikTok Analytics, LinkedIn Insights) regarding engagement with our content — this data is typically aggregated and non-identifiable.

We do not sell your personal information. We may share it in the following limited circumstances:

• Service Providers: Trusted third-party vendors who assist in operating our platform (e.g., cloud hosting, payment processing, email delivery, analytics). These providers are contractually bound to protect your data and use it only as directed by us.
• Social Media Platforms: When you interact with our content on TikTok, Instagram, or other platforms, those platforms independently collect and process data per their own privacy policies. We receive only aggregated analytics from these platforms.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, with notice to you.
• Legal Requirements: When required by law, subpoena, court order, or to protect the rights, property, or safety of our company, users, or the public.
• With Your Consent: In any other circumstances where we have obtained your explicit consent.

We retain personal information for as long as necessary to provide the Services, fulfill the purposes described in this policy, or as required by law. The following schedule applies:

We implement industry-standard technical and organizational security measures to protect your personal information, including:

• Encryption of data in transit (TLS/HTTPS) and at rest.
• Role-based access controls limiting employee access to personal data.
• Regular security assessments and vulnerability monitoring.
• Secure data centers with physical access controls.

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. Please notify us immediately at alpha.speed.consulting@gmail.com if you suspect unauthorized access to your account.

We use cookies and similar technologies to enhance your experience. These include:

• Essential Cookies: Required for the platform to function (authentication, session management).
• Analytics Cookies: Help us understand how users interact with our Services (e.g., Google Analytics).
• Marketing Cookies: Used to deliver relevant advertising and track campaign performance.

When you first visit our site, you will be presented with a cookie consent banner allowing you to accept or decline analytics and marketing cookies. Essential cookies required for basic functionality are always active. You may also control cookies through your browser settings. We honor browser-based "Do Not Track" (DNT) signals — when DNT is enabled, third-party marketing pixels (Meta Pixel, TikTok Pixel) will not be injected.

Our content and marketing activities are distributed on platforms including TikTok, Instagram, LinkedIn, YouTube, X (Twitter), and others. Your use of and interactions on these platforms are governed by each platform's own privacy policy — not this one. We encourage you to review:

• TikTok Privacy Policy
• Instagram / Meta Privacy Policy
• LinkedIn Privacy Policy
• YouTube / Google Privacy Policy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected personal information from a person under 18 without verifiable parental consent, we will take steps to delete that information promptly. If you believe we have inadvertently collected such information, please contact us at alpha.speed.consulting@gmail.com.

Regardless of your location, you have the right to:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Opt-Out of Marketing: Unsubscribe from marketing emails at any time using the unsubscribe link or by contacting us.
• Portability: Request your data in a structured, machine-readable format where technically feasible.

To exercise any of these rights, submit a request using our Privacy Request Form or contact us at alpha.speed.consulting@gmail.com. We will respond within 45 days of receiving your request.

AgentVault subscribers can also exercise access and deletion rights directly via the platform API:

• Data Access: Send a GET request to /user/data-export with your X-License-Key header. Returns your account record, masked Stripe identifiers, and your last 1,000 tool usage log entries.
• Account Deletion: Send a DELETE request to /user/account with your X-License-Key header and body {"confirm": "DELETE_MY_ACCOUNT"}. This permanently deletes your account and all associated usage logs. Stripe payment records are retained per the financial compliance exception above. To also remove local data, run governance.py full-purge on your machine.

Under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), California residents have the following additional rights:

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months, as well as the purposes for collection and categories of third parties with whom we share it.
• Right to Delete: You may request deletion of personal information we have collected, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of sensitive personal information to permitted purposes.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

Categories of Personal Information Collected (past 12 months):

To submit a CCPA request, use our Privacy Request Form or email alpha.speed.consulting@gmail.com with the subject line "CCPA Privacy Request." We may need to verify your identity before processing your request.

Our Services are operated in the United States. If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the U.S., where privacy laws may differ from those in your jurisdiction. By using our Services, you consent to this transfer.

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or Services. We will notify you of material changes by posting the updated policy on our website with a new effective date, and, where required by law, by sending you direct notice via email. Your continued use of the Services after the effective date constitutes your acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Alpha Speed Consulting, LLC
Email: alpha.speed.consulting@gmail.com
Website: alphaspeedai.com