Privacy Policy

This Privacy Policy ("Policy") describes how Prowex ("we," "us," or "our") collects, uses, stores, shares, and protects personal information when you use the Prowex AI Agents Platform ("Platform"), including our website, APIs, applications, and related services. Prowex is an AI agents platform that enables users to create, configure, and interact with AI-powered agents. These agents can connect to third-party services, execute tools, access knowledge bases, and perform automated tasks on behalf of users. This Policy applies to all users of the Platform, including individual users, team administrators, and API consumers. By accessing or using the Platform, you acknowledge that you have read and understood this Policy. This Policy covers data processed directly by Prowex. When you connect third-party services (GitHub, Slack, Telegram, MCP servers, etc.), those services' own privacy policies also apply to data processed through them.

We collect data in several categories depending on how you interact with the Platform: Account & Registration Data — First name, last name, email address, hashed password, Google OAuth information (if applicable), email verification status, and account timestamps. Agent Configuration Data — Agent names, descriptions, system prompts, AI provider and model selections, tool configurations, advanced settings (temperature, max tokens, etc.), knowledge base references, and schedule configurations. Conversation & Interaction Data — Messages sent to and received from Agents, tool execution logs, planning steps, token usage metrics, and uploaded files. Tool Credentials & Secrets — API keys and tokens for integrated services, encrypted using AES-256-GCM before storage. Plaintext values are never stored or logged. Knowledge Base Documents — Uploaded text documents, vector embeddings generated via OpenAI or Google embedding APIs, and associated metadata. Channel & Integration Data — Telegram channel identifiers, MCP server connection details, and schedule execution history. Technical & Usage Data — IP addresses, browser type, device information, access timestamps, feature usage patterns, and error logs.

Core Service Delivery — Authenticating your identity, managing your account, creating and running AI Agents, processing conversations, executing tool calls, storing knowledge base documents, and executing scheduled tasks. Security & Fraud Prevention — Detecting unauthorized access, monitoring API usage for anomalies, encrypting tool credentials, and enforcing rate limits. Platform Improvement — Analyzing aggregate, anonymized usage patterns to improve features, diagnosing technical issues, and developing new capabilities. Communication — Sending email verification and password reset emails, notifying you of material policy changes, and responding to support requests.

We process your personal data based on the following legal grounds: Contract Performance — Account data, agent configurations, conversation data, and knowledge base documents are necessary to deliver the core service. Legitimate Interest — Technical and usage data for platform security and improvement; tool credential security. Legal Obligation — Required notifications and regulatory compliance. Consent — AI model improvement data is only processed with your explicit opt-in consent.

When you interact with an Agent, your messages and relevant context are sent to the AI model provider you selected (OpenAI, Anthropic, or Google). The provider processes this data to generate responses. Your conversation data, prompts, documents, and agent configurations are never used to train, fine-tune, or improve any AI models. Data sent to third-party AI providers is subject to their respective data usage policies, and we use API configurations that disable training use where available. The Platform uses AI to generate agent responses, execute tool calls, and create planning steps. These are assistive functions and do not make consequential decisions about you without human oversight. Avoid sharing highly sensitive personal information (social security numbers, financial account numbers, medical records) in agent conversations unless absolutely necessary.

The Platform supports integrations with GitHub, Slack, Email (SMTP), OpenAI, and Telegram. When you connect these services, data flows to and from the respective service according to their privacy policies. You can connect custom MCP (Model Context Protocol) servers to extend your Agents' capabilities. You are responsible for reviewing the privacy and security practices of any MCP servers you connect. When you create a knowledge base, your documents are sent to the embedding provider you select (OpenAI or Google) to generate vector representations.

Prowex does not sell, rent, or trade your personal data to third parties for marketing or advertising purposes. We may share your data with: AI Model Providers (to process conversations), Cloud Infrastructure Providers (to host the Platform), Third-Party Tool Services (only when you explicitly connect them), MCP Servers (only when you configure them), Legal and Regulatory Bodies (when required by law), and in connection with Business Transfers (with prior notice). We maintain Data Processing Agreements with all service providers who process personal data on our behalf.

We retain your data only as long as necessary: Account data is kept for the duration of your account plus 30 days after deletion. Agent configurations are kept until you delete the agent or your account. Conversation history is retained for 90 days. Tool credentials are kept until you revoke them. Knowledge base documents are kept until you delete them. Technical logs are retained for 90 days. Backups are retained for 30 days after primary deletion.

We implement comprehensive measures to protect your data: Encryption — TLS 1.2+ for data in transit, AES-256 for data at rest, AES-256-GCM for tool credentials, and bcrypt hashing for passwords. Access Controls — JWT-based authentication, role-based access controls, principle of least privilege, and regular access reviews. Infrastructure — Cloud hosting with SOC 2 / ISO 27001 certification, regular security assessments, automated vulnerability scanning, and incident response procedures.

Depending on your location, you may have the following rights: Access, Correction, Deletion, Portability, Restrict Processing, Object to Processing, Withdraw Consent, Opt Out of Sale/Sharing, Non-Discrimination, and review of Automated Decisions. To exercise any of these rights, contact us at [email protected]. We will respond within the timeframe required by applicable law (generally 30 days for GDPR, 45 days for CCPA).

Your data may be transferred to and processed in countries outside your country of residence. We use Standard Contractual Clauses (SCCs), adequacy decisions, and Binding Corporate Rules to safeguard international transfers.

Prowex uses minimal cookies and local storage: an Authentication Token (essential, session duration) and a Theme Preference (functional, persistent). We do not currently use third-party analytics, advertising cookies, or tracking pixels. See our Cookie Policy for more details.

The Platform is not intended for users under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will promptly delete it.

We may update this Policy from time to time. When we make material changes, we will update the Effective Date, notify you via email or a prominent notice at least 30 days before changes take effect, and maintain a version history.

For privacy-related inquiries, data subject requests, or complaints, contact our Privacy Team at [email protected]. We will respond within 30 days (GDPR) or 45 days (CCPA).