Privacy Policy
Version 1.2 · Effective April 7, 2026 · Last updated April 16, 2026
1. Who we are
AGLedger LLC (“AGLedger,” “we,” “us,” or “our”) operates the website at agledger.ai, agledger.io, and their respective subdomains. We provide self-hosted accountability infrastructure software for AI agents and autonomous systems.
Contact:
AGLedger LLC
Email: privacy@agledger.ai
Web: https://agledger.ai
2. Scope
This Privacy Policy describes how we collect, use, and protect information when you visit our Website (agledger.ai, agledger.io, and their respective subdomains).
This policy does not apply to the AGLedger software product.
AGLedger is self-hosted software that runs in your infrastructure. We do not access, process, or store any data that you put into your AGLedger deployment. Your use of the AGLedger software is governed by the Software License Agreement.
3. Information we collect
3.1 Automatically collected information
When you visit the Website, we automatically collect:
Analytics data via Google Analytics (GA4): pages visited, session duration, referral source, device type, browser type, operating system, and approximate geographic location (country/region derived from IP address). Google Analytics uses cookies (_ga, _ga_*) to distinguish unique visitors.
Server logs collected by our hosting provider (Hostinger): IP address, request timestamps, URLs accessed, HTTP status codes, user agent string.
3.2 Information you provide
If you contact us by email (e.g., sales@agledger.ai, security@agledger.ai, support@agledger.ai), we collect the information you include in your message: name, email address, company name, and message content.
3.3 Developer Edition software telemetry
AGLedger software running without an Enterprise license (“Developer Edition”) sends an anonymous heartbeat to AGLedger approximately every 48 hours. This heartbeat contains:
| Data | Example | Purpose |
|---|---|---|
| Instance identifier | Random UUID | Distinguish unique deployments |
| Software version | 0.15.6 | Understand version adoption |
| Deployment mode | standalone | Understand usage patterns |
| Uptime hours | 72.5 | Understand deployment longevity |
This heartbeat does not contain: mandate content, receipt evidence, database contents, customer names, or any personally identifiable information. IP addresses observed in transit by the telemetry endpoint are not persisted and are not associated with the heartbeat payload.
Opt out: Set AGLEDGER_TELEMETRY=false in your deployment configuration. Enterprise-licensed instances never send telemetry.
3.4 Information we do not collect
We do not require account creation or registration on the Website.
We do not collect payment card data through the Website.
We do not use tracking pixels, social media trackers, or advertising networks.
We do not access any data stored in your self-hosted AGLedger deployment (Enterprise or Developer Edition beyond the anonymous heartbeat described in Section 3.4).
4. How we use information
Website improvement: understanding how visitors use the Website to improve content and navigation.
Analytics: measuring Website traffic, identifying popular content, and understanding visitor demographics at an aggregate level.
Communication: responding to your inquiries and providing requested information.
Security: detecting and preventing abuse, unauthorized access, and security incidents.
We do not use your information for targeted advertising, behavioral profiling, or automated decision-making.
5. How we share information
We share information only with the following categories of recipients:
| Recipient | Purpose | Data shared |
|---|---|---|
| Google (Google Analytics) | Website analytics | Pseudonymized usage data, cookie identifiers |
| Hostinger (hosting provider) | Website hosting | Server logs (IP, timestamps, URLs) |
We do not sell, rent, or trade your personal information to any third party. We do not share personal information for cross-context behavioral advertising.
We may disclose information if required by law, court order, or government request, or to protect the rights, property, or safety of AGLedger, our users, or the public.
6. Cookies
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| _ga | Google Analytics | Distinguishes unique visitors | 2 years |
| _ga_* | Google Analytics | Maintains session state | 2 years |
How to opt out:
Install the Google Analytics Opt-Out Browser Add-on
Configure your browser to block third-party cookies
Use your browser’s “Do Not Track” setting
We do not use cookies for advertising, retargeting, or cross-site tracking.
7. Data retention
Google Analytics data: retained for 14 months (GA4 default), then automatically deleted.
Server logs: retained per Hostinger’s standard retention policy (typically 30 days).
Email correspondence: retained for the duration of the business relationship or inquiry, then deleted upon request.
8. Your rights under GDPR
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation:
Access: request a copy of the personal data we hold about you.
Rectification: request correction of inaccurate personal data.
Erasure: request deletion of your personal data.
Restriction: request that we restrict processing of your personal data.
Portability: request your personal data in a structured, machine-readable format.
Objection: object to processing based on legitimate interests.
Withdraw consent: withdraw consent at any time where processing is based on consent.
Legal basis for processing: we process personal data based on legitimate interest (website analytics for improving the Website and ensuring security). For cookies, we rely on consent where required by applicable law.
To exercise your rights, contact us at privacy@agledger.ai. We will respond within 30 days.
Appeal right (EU/UK). If we decline any request, our response will explain the reason and your right to lodge a complaint with your local data protection authority (for example, the Irish Data Protection Commission, the UK Information Commissioner’s Office, or the supervisory authority of your EEA Member State), and your right to a judicial remedy.
9. Your rights under CCPA/CPRA
If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) provides you with the following rights:
Right to know: request the categories and specific pieces of personal information we have collected about you.
Right to delete: request deletion of your personal information.
Right to correct: request correction of inaccurate personal information.
Right to opt out of sale or sharing: we do not sell or share your personal information for cross-context behavioral advertising.
Right to non-discrimination: we will not discriminate against you for exercising your rights.
Categories of personal information collected in the preceding 12 months:
| Category | Examples | Collected |
|---|---|---|
| Identifiers | IP address, email address (if you contact us) | Yes |
| Internet activity | Pages visited, referral source, session duration | Yes |
| Geolocation | Approximate location (country/region from IP) | Yes |
| Professional information | Company name (if you contact us) | Yes |
We do not collect: financial information, biometric data, protected classifications, sensory data, or precise geolocation.
To exercise your rights, contact us at privacy@agledger.ai. We will verify your identity and respond within 45 days.
Designated method for submitting requests. AGLedger operates exclusively online; email to privacy@agledger.ai is the designated method for submitting requests under California Civil Code § 1798.130(a)(1)(A).
Appeal right (Virginia, Colorado, Connecticut, and similar state laws). If we decline a privacy-rights request, our response will explain the reason and, where required by applicable state law, your right to appeal the decision. To appeal, reply to our denial email within 30 days or send a new request to privacy@agledger.ai with the subject line “Privacy Appeal.” We will respond to appeals within 60 days. If the appeal is denied, you may contact the Attorney General of your state of residence.
10. International data transfers
Website analytics data may be processed by Google in the United States. Google operates under Standard Contractual Clauses and the EU-US Data Privacy Framework for international transfers. Server logs are stored by Hostinger in accordance with their data processing practices.
11. Children’s privacy
The Website is not directed at children under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will delete it promptly.
12. Security
We implement reasonable technical and organizational measures to protect the information we collect, including HTTPS encryption for all Website traffic. However, no method of transmission or storage is 100% secure.
13. Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised version on the Website with an updated “Last Updated” date. For material changes, we will provide notice by prominently posting a notification on the Website.
14. EU / UK representatives
AGLedger is established in the United States. To the extent GDPR Article 27 or UK GDPR Article 27 applies, AGLedger will designate representatives in the European Union and the United Kingdom and publish those designations on the Sub-processor List. Until designations are published, EEA and UK Data Subjects and supervisory authorities may contact AGLedger directly at privacy@agledger.ai.
15. Sub-processors
A current list of sub-processors engaged by AGLedger is published at agledger.ai/subprocessors. AGLedger engages zero sub-processors for data stored in self-hosted Licensee deployments.
16. Contact
For privacy-related inquiries or to exercise your data rights:
AGLedger LLC
Privacy: privacy@agledger.ai
Security: security@agledger.ai
Web: https://agledger.ai
See also: Terms of Service · Acceptable Use Policy · Sub-processors