Privacy Policy

This Privacy Policy explains how FindAgent (“FindAgent”, “we”, “us”) collects, uses, shares, and protects your personal data when you visit beta.findagent.cloud, sign in, browse or install agents, publish as a creator, or otherwise interact with the marketplace. FindAgent is a marketplace for cross-LLM AI agents. By using FindAgent you agree to the practices described here.

1. Data we collect

• Account & sign-in data. You sign in with a third-party identity provider (GitHub or Google). We receive your email address and basic profile details (such as your name, username, and avatar) from that provider. We do not store a password.
• Profile & content. Any profile information you add, and the content you publish as a creator — agents, descriptions, system prompts, tool definitions, and example prompts.
• Marketplace activity. Your installs and library, reviews and ratings you write, collections you create, and purchases you make.
• Agent credentials. If an agent needs a credential (such as an API key) to do its job, you may provide one. Credentials are encrypted, used only to operate the agent you provided them for, and never shown back to other users. See section 4.
• Technical and usage data. Standard information such as device and browser type, approximate region, and pages viewed — collected via the analytics tools below, and only after you consent.
• Communications. If you contact us, we keep the content of your message and our reply.

We do not collect special-category (sensitive) data, and we do not knowingly collect data from anyone under the age of 16.

2. How we use your data and our legal basis

• To create and operate your account, deliver agents you install or purchase, and run the marketplace — performance of a contract with you.
• To process payments and creator payouts, and to meet related tax and accounting obligations — contract and legal obligation.
• To keep the service secure, reliable, and functional, to review submissions, prevent abuse, and understand aggregate usage — our legitimate interests, balanced against your rights.
• To run optional analytics that help us improve the product — consent (which you give in the cookie banner and can withdraw at any time).
• To comply with legal obligations where applicable.

We never sell your personal data, and we do not use it for automated decision-making that produces legal effects.

4. Agent credentials

Some agents need a credential you control — for example an API key for a service you already use — to perform their work. When you provide one, it is encrypted at rest, scoped to the agent you provided it for, and used only to run that agent on your behalf. We do not display your credentials back to you in full, share them with creators or other users, or use them for any other purpose. You can remove a credential at any time from your account.

5. Sub-processors

We share the data needed to run the service with these third-party processors, each acting on our instructions under a data-processing agreement:

• Supabase — database, authentication, and storage; stores your account, profile, marketplace activity, and encrypted credentials.
• Vercel — application hosting and delivery, plus privacy-friendly analytics (only after consent).
• Paddle — payments; acts as Merchant of Record for purchases and processes your payment details (we do not store card numbers).
• Cloudflare — asset storage and content delivery.
• Resend — transactional email delivery (such as sign-in, purchase, and creator-decision emails).
• Slack — internal team notifications about marketplace events.
• Sentry — error monitoring (errors-only, with an outbound scrub that strips personally identifying information before any report is sent).
• Google — sign-in (if you choose Google) and analytics (only after consent; see section 3).

6. Retention

We keep your account and marketplace data for as long as your account is active and a reasonable period afterwards, unless you ask us to delete it sooner. Some records (such as transaction and tax records) are kept for the period required by law. Aggregate analytics data is retained according to each provider's standard settings.

7. Your rights

Subject to applicable law (including the GDPR and KVKK), you have the right to access, correct, export (data portability), and delete your personal data; to object to or restrict certain processing; and to withdraw consent at any time. You can export your data and delete your account from your account settings, or email us at team@katatechnology.co. We will respond within the timeframe required by law. You also have the right to lodge a complaint with your local data-protection authority.

8. Security

We apply industry-standard safeguards: encrypted transport (HTTPS), access controls and row-level security on our database, encryption of sensitive credentials at rest, and least-privilege access for our team. No method of transmission or storage is perfectly secure, but we work continuously to protect your data.

9. International transfers

Our providers may process data in regions outside your own. Where data leaves your region, it is protected by appropriate safeguards (such as the providers' standard contractual clauses) consistent with applicable law.

10. Children

FindAgent is not directed to children. You must be at least 16 years old to use FindAgent or submit your data. If you believe a child has provided us data, contact us and we will delete it.

11. Changes to this policy

We may update this policy as the product and our legal obligations evolve. We will post the updated version here and revise the “last updated” date. Material changes will be highlighted where appropriate.

12. Contact

Questions about this policy or your data? Email team@katatechnology.co. See also our Terms of Service.