Agentiff.AI LogoAgentiff.AI
Back to Home

Privacy Policy

Last Updated: March 23, 2026 (Beta Release)

INDUSTRIAL-GRADE PRIVACY

This policy reflects our commitment to data sovereignty. Unlike standard "AI wrappers," Agentiff.AI implements PII Injection Detection and ISO 42001 AI Governance to ensure your data remains yours.

1. INFORMATION WE COLLECT

1.1 Direct Information

  • Account Data: Email and encrypted credentials (scram-sha-256).
  • Workflow Context: Data snippets required for human-in-the-loop approval decisions.
  • Payment Data: Handled exclusively by Stripe (PCI-DSS compliant).

1.2 AI & Execution Metadata (ISO 42001 Audit Trail)

To provide deterministic AI orchestration, we log:

  • LLM Decision Paths: Model used, token consumption, and reasoning context.
  • Tool Call History: Which internal tools were triggered by an agent.
  • Approval Records: Timestamps and identities of human approvers.

1.3 System Observability & Diagnostics

To maintain platform stability and debug workflow failures, we collect system telemetry and server logs via self-hosted observability tools (Grafana and Loki). These logs are stored on our private infrastructure, are never shared with third-party logging vendors, and are automatically purged after 90 days.

2. DATA PROTECTION & SOVEREIGNTY

2.1 Local-First Security

For n8n-hosted workflows, your n8n API keys and third-party credentials are stored locally on your device via the Agentiff.AI application. These secrets are used to provision your host directly and are not transmitted to or stored on Agentiff.AI's central servers.

2.2 Credential Isolation

Your integration credentials (Google, Slack, etc.) are encrypted at rest in our vault using AES-256-GCM and decrypted only at sync time when provisioning your n8n instance. Credentials are never stored in workflow execution history or exposed to AI agents.

2.3 Infrastructure Security

  • Network Security: All services are protected by Cloudflare WAF with HSTS. Application traffic is routed through private network tunnels (TLS).
  • PII Protection: Automated pattern-based PII scanning is active for all AI inputs. No customer PII is stored in long-term vector memory.
  • Local Encryption: Secrets on your device are protected by AES-256-GCM encryption using a device-derived key.

3. DATA RETENTION

  • Approval Context: Deleted within 24 hours of decision.
  • Diagnostic & Audit Logs: Retained for 90 days for SOC 2 compliance.
  • Backups: Encrypted offsite backups are maintained for 7 days.

4. THIRD-PARTY DATA HANDLING

  • OpenAI/Anthropic: Context is sent for real-time processing only. We opt-out of training on your data via API enterprise controls.
  • Infrastructure: Data is processed across a hybrid-cloud environment utilising DigitalOcean and Hetzner bare-metal servers. SSL/TLS encryption is enforced for all data in transit.

Questions? Contact our Data Protection Officer at [email protected]