Legal

Privacy Policy

Effective July 10, 2026 · Last updated July 15, 2026

This Privacy Policy explains how Argenix (“Argenix,” “we,” “us”) handles information across our websites at argenix.ai and argentic.argenix.ai and the Argentic Code desktop application and its backend services (together, the “Services”). It works together with our Terms of Service.

1. The short version

  • Your code stays on your machine. Repositories, files, and Code-side conversations are never stored on our servers.
  • Your conversations are yours. Conversations you save with us are readable only by your account — our admin tooling has no surface that returns their content — and we never use your content to train AI models.
  • What we do collect is operational metadata — sign-ins, message and token counts, model names, error signals, plan and billing state — so we can run the product, bill correctly, prevent abuse, and understand aggregate usage. Not the content of what you write.
  • We don’t sell your personal information and we don’t use advertising trackers.

2. Information you provide

  • Account. Email address, name, and an optional profile photo. With Google sign-in we receive your Google account identifier; with email sign-up we store your password only as a bcrypt hash (never in plain text), plus your email verification status.
  • Billing. Payments are processed by Stripe. We store your plan, subscription status, renewal date, and Stripe customer/subscription identifiers — never your card number.
  • Saved conversations. Conversations in the app’s Chat tab are stored on our servers so they sync and survive restarts: titles, messages, and model settings. They are served only to your signed-in account.
  • Provider credentials. If you connect an AI provider account (for example ChatGPT), we store the OAuth tokens encrypted at rest. API keys you paste into the app are kept in your device’s operating-system keychain, not on our servers, and are forwarded only transiently with each request you make.
  • Gmail connector (optional). If you connect Gmail, we store OAuth tokens encrypted at rest, limited to the scopes you grant. We use it only to send email you explicitly direct, and we store a delivery record (status and message identifier) — never your mailbox contents.
  • Contact and newsletter. If you use a contact or support form on our sites (argenix.ai or argentic.argenix.ai) we receive the name, email, company, subject, and message you submit; the newsletter stores your email address until you unsubscribe.
  • Support. Anything you include in a support request.

3. Information collected automatically

  • Event records. Operational events with timestamps: sign-in and other account-security events, completed AI turns (model used, settings, token counts, and response lengths as character counts — never the text), checkout started, connector activity, and app-session events.
  • Daily activity. Which calendar days your account used the Services — a per-day flag used for active-user and retention statistics, nothing more.
  • Usage counters. A monthly count of AI messages, used to enforce your plan’s allowance.
  • Device and network. IP address and browser or app user-agent, recorded with security-relevant events for abuse prevention and audit.
  • No trackers. We use no advertising cookies and no third-party analytics trackers on the sites or in the app. Local storage on your device holds your session token and preferences (such as theme).

4. What stays on your device

The Code side of Argentic Code works on your local workspace. Your repositories and files, Code-side conversations, and pasted API keys live on your device and are not stored by us. When the agent needs a model response, the relevant content (for example a prompt containing a file snippet) is transmitted through our servers to the AI provider you selected to generate that response — in transit only; we do not store it.

5. How we use information

  • to provide, operate, and maintain the Services and sync your saved data;
  • to authenticate you and keep accounts secure;
  • to bill subscriptions and enforce plan allowances;
  • to prevent, detect, and investigate abuse, fraud, and security incidents;
  • to send transactional email (verification, password reset, billing) and — if you subscribed — product updates you can unsubscribe from at any time;
  • to respond when you contact us;
  • to understand aggregate usage (counts and trends, never content) so we can improve the product;
  • to comply with legal obligations.

Where EEA/UK law applies, our legal bases are performance of a contract, our legitimate interests (security, abuse prevention, product improvement), your consent where we ask for it, and compliance with legal obligations.

6. What we do not do

  • We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
  • We do not use your content to train AI models, and we do not grant our providers the right to do so on our behalf.
  • We do not read your conversations. Our administrative tooling surfaces only metadata (counts, models, tokens, timestamps); it has no capability to return conversation content, and we keep it that way deliberately.
  • We do not store your code or files — the Code side of the product never persists them to our servers.

7. When we share information

  • AI model providers. To generate a response, the necessary conversation content is sent to the provider you selected (such as Anthropic or OpenAI), under their API terms. We do not grant providers the right to train on this content.
  • Service providers. Vendors that host and run the Services for us: Supabase (database hosting), Stripe (payments), Google (sign-in, and the Gmail API if you connect it), our email-delivery provider (transactional email), Vercel (website hosting), and Cloudflare (network delivery). They process data only to provide their service to us.
  • Legal and safety. If required by valid legal process, or where reasonably necessary to protect the Services, our users, or others. Where lawful and practical, we will notify you.
  • Business transfers. If Argenix is involved in a merger, acquisition, or asset sale, data may transfer with it; this policy continues to apply and we will notify you of material changes.

8. Google user data

Argentic Code’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. Gmail access is used solely to send email you explicitly compose and direct. It is never used for advertising, is not read by humans, and is not transferred except as needed to provide that feature or comply with law.

9. Retention

  • Account information: while your account exists.
  • Saved conversations: until you delete them or your account.
  • Encrypted provider and connector credentials: until you disconnect them or delete your account.
  • Usage counters, event records, and daily-activity history: for as long as reasonably necessary for security, abuse prevention, and aggregate analytics.
  • Contact and support messages: while we handle them, together with any email replies we send you, which are stored with the message. Once a message is marked closed it is deleted about 6 months later (a review window), along with our stored replies. Newsletter emails are kept until you unsubscribe.

When you delete your account, your conversations, credentials, connectors, and usage counters are deleted, and everything that remains is irreversibly anonymized: the account record itself is reduced to an identifier-free tombstone, and audit entries and daily-activity history are severed from any identity so they no longer reference you.

10. Your rights and choices

Depending on where you live (including under the GDPR, UK GDPR, and California’s CCPA/CPRA), you may have the right to access a copy of your personal information, correct it, delete it, object to or restrict certain processing, and port it. We do not discriminate against you for exercising these rights, and we do not “sell” or “share” personal information as those terms are defined in the CCPA.

  • You can delete your account yourself at any time — in the app under Settings → Account, or from your account page at argentic.argenix.ai. For anything else (or if you prefer email), write to support@argenix.ai from the address on your account; we will verify the request and respond within the time required by applicable law.
  • Unsubscribe from the newsletter via the link in any issue or by emailing us.
  • You can also lodge a complaint with your local supervisory authority or attorney general.

11. Security

We encrypt data in transit (TLS) and encrypt stored provider and connector credentials at rest. Passwords are stored only as bcrypt hashes; verification and reset tokens are single-use and stored only as hashes. Our database enforces default-deny row-level security readable only by the backend service, and administrative access is restricted to a small allowlist. No system is perfectly secure; if a breach affects your data we will notify you as required by applicable law.

12. International transfers

We operate from the United States, and information is processed and stored in the US and in the locations of the service providers listed above. Where required, we rely on appropriate safeguards for international transfers.

13. Children

The Services are not directed to children under 13, and we do not knowingly collect their personal information. If you believe a child has provided us personal information, contact us and we will delete it.

14. Changes to this policy

When our data practices change — including when a new feature stores new kinds of data — we update this policy and its “last updated” date first, and for material changes we give reasonable notice (on the site, in the app, or by email).

15. Contact

Privacy questions and requests: support@argenix.ai.