Privacy Policy

• Your email, name, and organization name when you sign up.
• Metadata about your AI agents' activity (tool calls, model invocations, credential use). This is what you're paying us for.
• Standard server logs (IP, user-agent, timestamps) for security and debugging.

• Your Anthropic / OpenAI / Bedrock API keys. The SDK runs locally; those keys never touch us.
• The contents of secrets the platform detects — only the prefix and that a secret was used.
• Personal data about end-users of your AI agents unless your agent explicitly passes it to cisora.tool() or cisora.modelCall() via inputs or metadata.

• To run the product — show you your agents, your actions, your incidents.
• To generate the compliance reports you ask us to.
• To send you transactional email (welcome, scan results, incident alerts).
• We do not train models on your data. We do not sell it.

• Free plan: agent activity retained for 7 days.
• Pro plan: 90 days.
• Business plan: 1 year.
• Enterprise: custom (configurable).
• You can request deletion of all your data at any time by emailing contact@cisora.io. We delete within 7 days.

• AWS — infrastructure (ap-south-1, Mumbai)
• Anthropic — our anomaly detection engine uses Claude to analyze agent activity
• Stripe — payment processing (when applicable)
• Resend — transactional email

Each has their own privacy policy governing how they handle data.

Privacy questions, data requests, or anything else: contact@cisora.io. We respond within 48 hours.

CISORA LLC · Registered in the United States.