PRIVACY POLICY

Account data: Email address, display name, and company name when you create an account. Authentication is handled via Firebase Auth.

MCP Scanner: When run without an API key, the scanner operates entirely locally. No data leaves your machine. When run with an API key, scan grades, finding metadata, tool descriptions, and config paths are uploaded to the Shield API. No credentials or secret values are transmitted.

Shield Agent: The agent sends periodic heartbeats (hostname, OS, version, status) and alert events (source IP, user agent, request metadata) to the Shield API over TLS. Alarm secret values are never transmitted to our servers.

Payment data: Processed entirely by Stripe. We store only the Stripe customer ID and subscription status. We never see or store card numbers.

We use your data to operate the Shield platform: authenticate your sessions, enforce tier limits, deliver alerts, and display scan history. We do not sell your data. We do not use customer data for model training.

Alert history retention depends on your plan tier: 7 days (Free), 90 days (Pro/Plus), 1 year (Team). Account data is retained for the lifetime of your account. You may request deletion at any time by contacting privacy@agentdefenders.ai.

You have the right to access, correct, export, or delete your personal data. To exercise these rights, email privacy@agentdefenders.ai. We respond within 30 days.

Privacy inquiries: privacy@agentdefenders.ai

Security issues: security@agentdefenders.ai