§ Legal

Privacy Policy

Effective date: July 10, 2026

This Privacy Policy explains what information Agents (a product of Essarion) collects, how we use it, who we share it with, and the choices you have. It applies to the Agents platform and website.

Agents is an autonomous AI platform: with your instruction it can read your files, browse the web, run code, and act through accounts you connect. Doing so means sending your content to third-party AI and infrastructure providers, and — where you authorize it — accessing connected accounts on your behalf. Sections 3 and 4 explain this.

01 Information we collect

Depending on how you use Agents, we collect the following categories of information:

  • Account information. When you register, we collect your email address and, optionally, your name. Passwords are stored only as salted bcrypt hashes, never in plain text.
  • Content you provide. The prompts and instructions you submit, the files and documents you upload to your project Drive, and the text we extract from those documents so agents can read them. This content is stored so you and your agents can work with it.
  • Run and conversation data. Your chat sessions and message history, agent run inputs and outputs, tool calls, generated artifacts and code, and the model and provider used for each run.
  • Agent memory. To improve continuity, the platform may store derived, per-project memory of past runs (summaries, facts, and vector embeddings) associated with your account and projects.
  • Connected-account data. If you connect a third-party account (such as Google or Notion), we store an encrypted access token and access the data and scopes you authorize. See Section 3.
  • Captured browser state. When you run browser-automation tasks, the platform may capture and store — in encrypted form — session cookies and local storage for the sites the agent operates on your behalf, so it can complete the task you requested.
  • Billing and usage data. Your plan, subscription status, and usage-metering counters (such as AI credits and input/output token usage).
  • Technical, session, and audit data. Information generated automatically when you use the platform — including request logs, workspace-session records, and audit logs of security-relevant actions (sign-in, uploads, downloads, deletions). Where we log network and device identifiers such as IP address and user-agent, we store them in hashed form. Raw IP and email may be used transiently to enforce rate limits and prevent abuse.
  • Communications. If you contact us at hello@essarion.com, we keep your messages and contact details to respond.

Because agents can read your files and act through your connected accounts, please upload and connect only content and accounts you are authorized to use, and avoid submitting sensitive personal information you do not want processed by the third-party providers described in Section 4.

02 How we use information

We use the information we collect to:

  • provide and operate the platform — run agents, store your projects, files, runs, and memory, and return results to you;
  • authenticate you, keep you signed in, and secure your account and workspace sessions;
  • enforce plan limits, meter usage and credits, and manage subscriptions;
  • maintain, debug, and improve the platform and its agents;
  • prevent, detect, and respond to fraud, abuse, security incidents, and violations of our Terms; and
  • comply with legal obligations and respond to support requests.

We do not sell your personal information, and we do not use the content of your files, runs, or connected accounts to serve you advertising.

03 Autonomous agents & connected accounts

Agents can take actions on your behalf — running code, creating and editing files, operating a web browser, and reading or sending data through accounts you connect. You control what an agent may do through the instructions you give and the integrations and permissions you grant.

  • Google. With your consent, integration scopes can include your email and basic profile, reading and sending email (Gmail), and access to your Google Calendar — used only to perform the tasks you request.
  • Notion. With your consent, access to the Notion workspace content you authorize.
  • Browser automation. When an agent browses on your behalf, it may sign in to and act on third-party sites using credentials or sessions you provide, and the platform may store the resulting session state in encrypted form for the duration of the task.

Access and refresh tokens for connected accounts are stored encrypted(AES-256-GCM). You can disconnect an integration at any time, which revokes our stored token; you may also revoke access directly with the provider. Data accessed through a connected account is processed to carry out your instructions and is subject to that provider's own terms.

04 AI & third-party providers

Delivering agent runs requires sending parts of your content to third-party providers. Depending on the features and models you use, this can include:

  • AI model providers — such as OpenRouter (which routes to underlying large-language-model providers), xAI/Grok, and Anthropic — receive your prompts, relevant file text, and run context so they can plan and generate outputs.
  • Web-search providers (such as Tavily) receive search queries when an agent searches the web.
  • Browser-automation providers (such as Browserbase) run automated browser sessions you request.
  • Identity and integration providers (such as Google and Notion) process sign-in and the integrations you authorize.
  • Infrastructure providers for cloud hosting, databases, and file storage host the platform and your stored content.

These providers process your data under their own terms and privacy policies, which we do not control, and which govern whether inputs may be retained or used to improve their systems. We share only what is reasonably necessary, and we cannot recall content already transmitted to a provider.

05 When we share information

Beyond the providers above, we may share information:

  • to comply with law, regulation, legal process, or an enforceable governmental request;
  • to enforce our Terms, or protect the rights, property, or safety of Essarion, our users, or the public;
  • in connection with a merger, acquisition, financing, or sale of assets, in which case we will seek to ensure the recipient honors this Policy; and
  • with your consent or at your direction.

We do not sell your personal information.

06 Data retention

We retain your account information, files, runs, and memory for as long as your account is active or as needed to provide the platform. Logs, audit records, and technical data are kept for a period sufficient for security, debugging, and abuse prevention. Captured browser session state is short-lived and tied to the task that created it. We may retain certain information longer where required for legal, accounting, or legitimate-business reasons, or in de-identified or aggregated form.

When you delete a file, run, project, or your account, associated records are removed or scheduled for deletion from active systems, subject to backups that age out over time and to any retention the law requires. Disconnecting an integration revokes our stored token. We cannot recall content already transmitted to third-party providers.

07 Cookies & sessions

Agents uses cookies only for essential functionality. We set secure, HTTP-only access_token and refresh_token cookies (SameSite=Strict, and marked Secure in production) so you remain authenticated. Refresh tokens are stored as hashes and rotated on use. Because these cookies are strictly necessary to sign you in, disabling them will prevent the platform from working. We do not use third-party advertising or cross-site tracking cookies.

08 Security

We take reasonable technical and organizational measures to protect your information, including hashing passwords with bcrypt, signing session tokens, encrypting connected- account tokens and captured browser state (AES-256-GCM), hashing stored network identifiers, transmitting data over HTTPS, applying security headers and rate limits, and isolating data per owner and project. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at hello@essarion.com.

09 Your rights & choices

Depending on where you live, you may have rights to access, correct, export, or delete your personal information, to object to or restrict certain processing, or to withdraw consent. You can update your account details, delete files, runs, and projects, disconnect integrations, and request account deletion within the platform.

To exercise any of these rights, email hello@essarion.com. We will respond as required by applicable law and may need to verify your identity first. If you are in the EEA, UK, or a similar jurisdiction, our legal bases for processing include performing our contract with you, our legitimate interests (securing and improving the platform), your consent where required, and compliance with legal obligations.

10 International transfers

We and our providers may process and store information in countries other than the one in which you live, including the United States. Where required, we rely on appropriate safeguards for such transfers. By using the platform, you understand that your information may be transferred to and processed in these locations.

11 Children's privacy

Agents is not intended for children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it.

12 Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will revise the effective date above and, where appropriate, provide additional notice. Your continued use of the platform after an update means you accept the revised Policy.

13 Contact us

For questions or requests about this Privacy Policy or your data, contact us at hello@essarion.com.

See also our Terms of Service. Questions about this document? Email hello@essarion.com.