Skip to content
Agent Secret Store

Legal

Privacy Policy

Last updated: March 26, 2026

1. Introduction

One Frequency Inc. (“we”, “us”, “our”) operates Agent Secret Store. This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

2. Information We Collect

Account information:

  • Name, email address, and authentication credentials (via Firebase Auth or Google OAuth)
  • Billing information (processed by Stripe — we do not store card numbers)
  • Organization name and team member details

Usage data:

  • API call counts, secret access patterns, and audit logs
  • IP addresses and user agent strings (for security and audit purposes)
  • Feature usage metrics to improve the Service

Secrets and credentials:

  • Encrypted at rest using AES-256-GCM with per-tenant envelope encryption
  • We cannot access your decrypted secrets — encryption keys are managed by Google Cloud KMS

3. How We Use Your Information

  • Provide, maintain, and improve the Service
  • Process payments and manage subscriptions
  • Send transactional emails (welcome, billing, security alerts)
  • Monitor for abuse and enforce our Terms of Service
  • Generate anonymized, aggregate analytics

4. Third-Party Services

We share data with the following service providers, solely to operate the Service:

  • Google Cloud Platform — Infrastructure, KMS encryption, database hosting
  • Firebase — Authentication
  • Stripe — Payment processing
  • Customer.io — Transactional email
  • Cloudflare — CDN, DDoS protection, DNS

We do not sell your data to third parties.

5. Data Retention

Account data is retained while your account is active. Upon account deletion, personal data is removed within 30 days. Audit logs are retained per your plan tier (24 hours for Free, 90 days for Pro, 1 year+ for Enterprise). Anonymized aggregate data may be retained indefinitely.

6. Security

We implement industry-standard security measures including envelope encryption with Google Cloud KMS key management, TLS in transit, tenant isolation at the database level, and comprehensive audit logging. See our Security Architecture documentation for details.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of your data
  • Export your data in a machine-readable format
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@agentsecretstore.com.

8. Cookies

We use essential cookies for authentication and session management only. We do not use tracking cookies or third-party advertising cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice. The “Last updated” date at the top reflects the most recent revision.

10. Contact

Questions about this policy? Contact us at privacy@agentsecretstore.com.

To report abuse or policy violations, email abuse@agentsecretstore.com.