Privacy Policy

1. Introduction

Digital Envision LLC ("we", "us", "our", "the Company"), a Delaware limited liability company, operates AgentPowers at agentpowers.ai ("the Service", "the Platform"). This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your personal information when you visit our website, create an account, make purchases, or sell Skills on our marketplace.

We are committed to protecting your privacy and handling your personal data responsibly. This policy complies with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) and the California Consumer Privacy Act (CCPA) for California residents.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Data Controller

For the purposes of the GDPR and other applicable data protection laws, the data controller is:

Digital Envision LLC
16192 Coastal Highway
Lewes, DE 19958
United States

Email: legal@agentpowers.ai

3. Information We Collect

3.1 Account Information

When you create an account through our authentication provider Clerk, we collect and receive:

• Email address: Required for account creation, communication, and transaction receipts
• Display name: Your chosen public name on the marketplace
• Profile picture: Optional avatar image you upload or import from OAuth providers
• Authentication identifiers: Unique user IDs generated by Clerk for account management

If you register or sign in using Google or GitHub OAuth, we receive your public profile information from those services, including your name, email address, and profile picture. We do not receive your passwords from these OAuth providers.

3.2 Payment and Transaction Information

When you make a purchase or receive payouts as a seller, payment processing is handled by Stripe. We collect and store:

• Transaction records: Purchase amounts, timestamps, Skill identifiers, and license codes
• Stripe customer/account IDs: Used to link your AgentPowers account to Stripe
• Payout records: For sellers, payout amounts, dates, and status through Stripe Connect

We do not store your credit card numbers, bank account numbers, or other full payment instrument details on our servers. All sensitive payment data is handled exclusively by Stripe, a PCI DSS Level 1 certified payment processor. Please refer to Stripe's Privacy Policy for details on how they handle your payment information.

3.3 Seller Profile Information

If you register as a seller, we additionally collect:

• Public profile details: Bio, website URL, GitHub URL, LinkedIn URL, and Twitter/X URL
• Stripe Connect account information: Required for processing payouts
• Skill content: The Skills you publish, including code, descriptions, metadata, and associated documentation
• Revenue and sales data: Sales counts, earnings, commission amounts, and download statistics

3.4 Usage and Analytics Data

We automatically collect certain information about how you interact with the Service through Vercel Analytics, our privacy-focused analytics provider:

• Pages visited and navigation paths within the Platform
• Referring URLs and how you arrived at the Platform
• Device information: Browser type, operating system, and screen resolution
• Geographic location: Country and region level only (not precise location)
• Performance data: Page load times and interaction metrics

Vercel Analytics does not use cookies for tracking and does not collect personally identifiable information. Analytics data is aggregated and cannot be used to identify individual users.

3.5 Search Data

We may collect search queries you enter on the Platform to improve search functionality and understand marketplace demand. Search data is not linked to your personal identity.

3.6 Communication Data

If you contact us via email or through the Platform, we collect the content of your messages along with your email address and any other information you choose to provide.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data on the following legal bases:

• Contractual necessity (Art. 6(1)(b) GDPR): Processing necessary to provide the Service, process purchases, deliver license codes, and manage seller payouts
• Legitimate interests (Art. 6(1)(f) GDPR): Processing for fraud prevention, security scanning of Skills, Platform analytics and improvement, and enforcing our Terms
• Legal obligation (Art. 6(1)(c) GDPR): Processing required by tax laws, financial regulations, or legal processes
• Consent (Art. 6(1)(a) GDPR): Where applicable, for optional marketing communications or non-essential processing. You may withdraw consent at any time

5. How We Use Your Information

We use the information we collect for the following purposes:

5.1 Service Operation

• Provide, maintain, and operate the marketplace
• Authenticate your identity and manage your account
• Process purchases and deliver license codes to buyers
• Process seller payouts through Stripe Connect
• Display public seller profiles and Skill listings

5.2 Communication

• Send transactional emails (purchase confirmations, license codes, payout notifications)
• Notify you of important changes to the Service, Terms of Service, or Privacy Policy
• Respond to your support requests, inquiries, and feedback

5.3 Security and Trust

• Perform automated security scanning on published Skills
• Detect, prevent, and investigate fraudulent activity or unauthorized access
• Enforce our Terms of Service and protect our rights and the rights of our users

5.4 Improvement and Analytics

• Analyze aggregated usage patterns to improve the marketplace experience
• Monitor Platform performance and identify technical issues
• Develop new features and services based on user needs

6. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We share your information only in the following limited circumstances:

6.1 Service Providers

We share data with the following third-party service providers who process data on our behalf:

• Clerk (clerk.com) — Authentication and identity management. Receives your email address, name, and OAuth profile data. Clerk is SOC 2 Type II certified. Clerk Privacy Policy
• Stripe (stripe.com) — Payment processing and seller payouts via Stripe Connect. Receives payment information, transaction details, and seller payout information. Stripe is PCI DSS Level 1 certified. Stripe Privacy Policy
• Vercel (vercel.com) — Website hosting and privacy-focused analytics. Receives aggregated, non-personally-identifiable usage data. Vercel Privacy Policy

6.2 Public Information

Certain information is made publicly visible on the Platform by design:

• Seller profiles: Display name, bio, website, social links, avatar, and published Skills
• Reviews: Your display name and review content are visible on Skill listings
• Buyer display names: May appear in seller dashboards as purchase records

6.3 Legal and Safety Disclosures

We may disclose your information when we believe in good faith that disclosure is necessary to:

• Comply with applicable laws, regulations, legal processes, or enforceable governmental requests
• Enforce our Terms of Service, including investigation of potential violations
• Detect, prevent, or address fraud, security issues, or technical problems
• Protect against harm to the rights, property, or safety of Digital Envision LLC, our users, or the public

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal data may be transferred to the acquiring entity. We will provide notice before your personal information becomes subject to a different privacy policy.

7. Cookies and Tracking Technologies

7.1 Essential Cookies

We use strictly necessary cookies for authentication and session management. These cookies are required for the Platform to function and cannot be disabled. They include:

• Authentication session cookies: Managed by Clerk to maintain your login state
• Security cookies: CSRF protection and fraud prevention tokens

7.2 Analytics

We use Vercel Analytics for understanding Platform usage. Vercel Analytics is privacy-focused and does not use cookies for tracking purposes. It collects aggregated, anonymized data that cannot be used to identify individual users.

7.3 No Marketing or Advertising Cookies

We do not use third-party advertising cookies, tracking pixels, or behavioral advertising technologies. We do not participate in ad networks or serve targeted advertisements.

7.4 Managing Cookies

You can control and manage cookies through your browser settings. Please note that disabling essential cookies may prevent you from logging in or using authenticated features of the Platform. Refer to your browser's help documentation for instructions on managing cookies.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS/HTTPS
• Secure authentication: User authentication is handled by Clerk, a SOC 2 Type II certified provider with enterprise-grade security practices
• Payment security: All payment processing is handled by Stripe, which maintains PCI DSS Level 1 certification, the highest level of payment security compliance
• Access controls: Access to personal data is restricted to authorized personnel on a need-to-know basis
• Security scanning: All published Skills undergo automated security scanning to protect buyers from malicious code

Despite our efforts, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security and are not responsible for the security measures of third-party services (Clerk, Stripe, Vercel) beyond our reasonable oversight.

9. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes described in this policy:

• Account data: Retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days, except where retention is required by law
• Transaction records: Retained for a minimum of 7 years as required by tax and financial regulations
• Seller payout records: Retained for a minimum of 7 years for tax compliance and legal purposes
• Analytics data: Aggregated analytics data is retained indefinitely as it does not contain personally identifiable information
• Communication records: Support correspondence is retained for 3 years from the date of the last interaction
• Security logs: Access and security logs are retained for 1 year

When personal data is no longer required, it is securely deleted or anonymized so that it can no longer be associated with you.

10. Your Rights Under GDPR (EEA Residents)

If you are a resident of the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the GDPR:

• Right of access (Art. 15): You have the right to request a copy of the personal data we hold about you
• Right to rectification (Art. 16): You have the right to request correction of inaccurate or incomplete personal data
• Right to erasure (Art. 17): You have the right to request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements
• Right to restrict processing (Art. 18): You have the right to request restriction of processing of your personal data in certain circumstances
• Right to data portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format
• Right to object (Art. 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes
• Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal
• Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority

To exercise any of these rights, please contact us at legal@agentpowers.ai. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

International Data Transfers

Your personal data may be transferred to and processed in the United States, where Digital Envision LLC is based. The United States may not have data protection laws equivalent to those in the EEA. Where we transfer personal data outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the service provider's certification under applicable frameworks.

11. Your Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

11.1 Right to Know

You have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources from which that information was collected, the business purpose for collecting it, and the categories of third parties with whom we share it.

11.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions (such as transaction records required for tax compliance).

11.3 Right to Opt-Out of Sale

We do not sell your personal information. As defined by the CCPA, we do not sell, rent, or share your personal information with third parties for monetary or other valuable consideration. Therefore, there is no need to opt out of the sale of personal information.

11.4 Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, provide a different level of service, or suggest any of these actions as a consequence of exercising your rights.

11.5 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers: Name, email address, account username, unique personal identifiers
• Commercial information: Purchase history, transaction records, products/services purchased
• Internet activity: Browsing history on our Platform, search queries, interaction with our website
• Professional information: Seller profile information (GitHub, LinkedIn, website)

11.6 Exercising Your CCPA Rights

To submit a request to know or delete your personal information, please contact us at legal@agentpowers.ai. You may also designate an authorized agent to make a request on your behalf. We will verify your identity before processing any request and respond within 45 days.

12. Children's Privacy

AgentPowers is not intended for users under the age of 18. We do not knowingly collect, solicit, or maintain personal information from anyone under 18 years of age. If we become aware that we have collected personal data from a child under 18, we will take steps to promptly delete that information from our systems.

If you are a parent or guardian and believe that your child under 18 has provided us with personal information, please contact us at legal@agentpowers.ai so we can take appropriate action.

13. Third-Party Links and Services

The Platform may contain links to third-party websites, services, or resources that are not operated or controlled by us. This includes links within Skill descriptions, seller profiles, and external service integrations. We are not responsible for the privacy practices, content, or security of any third-party websites or services.

We encourage you to review the privacy policies of any third-party services you access through the Platform.

14. Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) signal. Because there is no accepted standard for how to respond to DNT signals, we do not currently respond to them. However, as noted above, we do not use third-party advertising cookies or behavioral tracking technologies.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify registered users of material changes via email at least 15 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should stop using the Service and may request account deletion.

We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your data.

16. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Digital Envision LLC
16192 Coastal Highway
Lewes, DE 19958
United States

Email: legal@agentpowers.ai

For GDPR-related inquiries, please include "GDPR Request" in your email subject line. For CCPA-related inquiries, please include "CCPA Request" in your email subject line. We will respond to all privacy-related requests within 30 days.