Jitex
TermsPrivacy

Privacy Policy

Effective date: March 12, 2026

This Privacy Policy describes how Protogy Labs Inc. ("we," "us," or "our") collects, uses, and protects information when you use the Jitex platform, APIs, SDKs, MCP server, and dashboard (collectively, the "Service").

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided via OAuth)
  • OAuth profile data from your identity provider (GitHub, Google, or Microsoft)
  • Team membership and role information

1.2 Connection Credentials

When you connect third-party services, we store encrypted credentials (API keys, OAuth tokens) in our vault. These credentials are:

  • Encrypted at rest using AES-256
  • Only decrypted at the moment of proxied API execution
  • Never exposed to Agents, logs, or any human operator
  • Deletable at any time by revoking the Connection

1.3 Agent Activity Data

When Agents make requests through the Service, we collect and log:

  • Tool name and action type (e.g., "stripe:charges.create")
  • Agent-provided reasoning for the action
  • Confidence scores from intent validation
  • Approval decisions (who approved/rejected, when)
  • Request metadata (timestamps, Agent Key ID, IP address)
  • Parameters hash (a one-way hash of request parameters — not the raw values)

We do not log raw request or response payloads from proxied API calls unless you explicitly enable enhanced logging.

1.4 Usage Data

We automatically collect standard usage data including:

  • Browser type, device information, and IP address
  • Pages visited and features used within the dashboard
  • Performance metrics and error reports

2. How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain the Service
  • Execute approved Agent actions via the credential proxy
  • Deliver approval notifications (email, Slack, webhook)
  • Maintain audit logs for your compliance and operational needs
  • Validate Agent intent using AI models
  • Detect and prevent abuse, fraud, and security incidents
  • Improve the Service and develop new features
  • Communicate with you about your account and the Service

3. AI Processing

The Service uses AI models to validate Agent intent and assign confidence scores. During this process:

  • Agent reasoning and tool call metadata are sent to AI model providers for evaluation
  • We do not send your connection credentials, raw API payloads, or personal data to AI models
  • AI processing results (confidence scores, validation decisions) are stored in the audit log

4. Information Sharing

We do not sell your personal information. We share information only in these cases:

  • Third-party service execution: When an Agent action is approved, we forward the request (with injected credentials) to the target third-party service. We act as a pass-through proxy.
  • Notification delivery: Approval notifications may be sent via email providers, Slack, or webhook endpoints you configure.
  • AI model providers: Agent intent data is processed by AI model providers as described in Section 3.
  • Legal requirements: We may disclose information if required by law, subpoena, or government request.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred.

5. Data Retention

  • Account data: Retained while your account is active and for 30 days after deletion.
  • Audit logs: Retained for 90 days by default. Enterprise plans may configure longer retention.
  • Connection credentials: Deleted immediately when you revoke a Connection or delete your account.
  • Ephemeral credentials: Exist only in memory for the duration of a single API call and are never persisted.

6. Data Security

We implement industry-standard security measures including:

  • AES-256 encryption for stored credentials
  • TLS 1.3 for all data in transit
  • Hashed Agent Keys (original values are never stored)
  • Row-level security policies on all database tables
  • Audit logging of all administrative and Agent activity

Despite these measures, no system is perfectly secure. You are responsible for maintaining the security of your account credentials and Agent Keys.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your account and associated data
  • Export: Request a machine-readable export of your audit data
  • Objection: Object to certain processing of your information

To exercise these rights, contact us at privacy@jitex.io.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies. Essential cookies cannot be disabled as they are necessary for the Service to function.

9. International Transfers

Your information may be processed in the United States or other countries where our service providers operate. By using the Service, you consent to the transfer of your information to these jurisdictions.

10. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect information from children. If we learn we have collected information from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the dashboard. Continued use of the Service after changes take effect constitutes acceptance.

12. Contact

Questions about this Privacy Policy? Contact us at privacy@jitex.io.