Privacy Policy

1. Overview

DriftGentic ("we", "our", or "us") operates a schema drift detection and AI agent observability platform. This Privacy Policy explains how we collect, use, store, and protect information when you use our website at driftgentic.com and our API services (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.

2. Information We Collect

2.1 Account Information

When you create a dashboard account, we collect your email address and a hashed password. We do not store passwords in plain text. Your email is used for account authentication, billing communications, and operational alerts you configure.

2.2 Organization Data

We store the organization name and slug you create, team member email addresses you invite, API keys you generate (stored as hashed values), and project and environment configuration you define.

2.3 Agent Run Data

Our core service involves receiving structured run and event data from AI agents you operate. This includes tool call inputs and outputs, LLM call metadata, schema validation results, timestamps, token counts, and any payload fields your agent submits to our API. You are responsible for ensuring that agent payloads do not contain sensitive personal data unless you have a lawful basis for processing it.

2.4 Usage and Telemetry

We collect aggregate usage metrics including run counts, API call volumes, validate call volumes, error rates, and credit consumption. This data is used to display your dashboard metrics and to operate and improve the platform.

2.5 Billing Information

Billing is processed by Stripe. We do not store credit card numbers or full payment details. We receive and store Stripe customer IDs, subscription plan identifiers, and transaction records (amounts, dates, credit pack purchases) necessary to display your billing history.

3. How We Use Your Information

• –Authenticate your account and manage sessions
• –Deliver the core schema validation and drift detection Service
• –Display run history, event logs, metrics, and alerts in your dashboard
• –Process payments and manage subscription and credit balances
• –Send operational notifications you configure (alert webhooks, builder notifications)
• –Detect and investigate abuse, errors, or security incidents
• –Improve the platform, including training schema registry models on aggregate, anonymized patterns
• –Communicate critical service updates or policy changes

4. Data Infrastructure

The Service is built on Supabase, which runs on AWS infrastructure. Data is stored in PostgreSQL databases with row-level security enforced. All data in transit is encrypted using TLS. Data at rest is encrypted using AES-256.

We use Supabase Edge Functions to process API requests. Function logs may contain request metadata including IP addresses and user agent strings. These logs are retained for a limited period for debugging and security purposes.

5. Data Sharing and Disclosure

We do not sell your data. We share data only in the following circumstances:

• –Supabase — database hosting and authentication provider
• –Stripe — payment processing
• –Legal obligations — if required by law, court order, or to protect rights and safety
• –Business transfers — if DriftGentic is acquired or merges, data may transfer to the successor entity subject to equivalent privacy protections

6. Data Retention

Run and event data is retained for the duration of your subscription plus a 90-day grace period following account closure. Billing records are retained for seven years as required for financial compliance. You may request deletion of your account and associated data by contacting us at the address below.

Schema registry entries are public records and are retained indefinitely unless removed by a maintainer or for policy reasons.

7. Cookies and Tracking

We use session cookies and local storage to maintain authenticated sessions. We do not use third-party advertising cookies or behavioral tracking pixels. Basic access logs are kept by our infrastructure provider (Supabase/AWS) for security and operational purposes.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• –Access the personal data we hold about you
• –Correct inaccurate data
• –Request deletion of your data (subject to legal retention obligations)
• –Export your run and event data in JSON format
• –Opt out of non-essential communications

To exercise any of these rights, contact us at privacy@driftgentic.com.

9. Children's Privacy

The Service is intended for use by businesses and developers and is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to account holders or via a notice on the dashboard. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

11. Contact

Questions about this Privacy Policy or data practices can be directed to:
privacy@driftgentic.com