privacy policy

we store your account, the agent proxies you configure, and a log of the requests those proxies intercept (including their bodies, since that's what you review). we never sell your data, and we only use a small set of infrastructure providers to run the service.

agent.shield is built by ogbuilds, a uk-based studio. ogbuilds is the data controller for the information described here.

account information. your email address and a hashed (scrypt) password. we never store your password in plain text.

proxy configuration. the agent proxies you create — their names, the target urls you forward to, the policy rules you define, and the generated proxy tokens.

intercepted requests. for every request your agent sends through a proxy, we record the method, path, query, headers, and body, plus the response when one is returned, the policy rule it matched, and the approve/deny decision and who made it. this is the audit log the product exists to give you.

usage. standard server logs (timestamps, status codes) needed to operate and secure the service.

we use this data only to provide agent.shield: to authenticate you, to intercept and evaluate requests against your policies, to hold destructive actions for review, to forward approved requests to your target, and to show you the audit log. we do not sell it or use it for advertising.

we process account and request data to perform our contract with you (providing the service), and we rely on legitimate interests to keep the service secure and operational. where we charge you, payment data is processed to perform that contract.

• vercel — application hosting and serverless execution.
• neon — managed postgres database where your account, proxies, and request log are stored.
• stripe — subscription billing. stripe handles card details directly; we never see or store your full card number.

agent.shield does not use third-party analytics or advertising trackers.

we set a single httpOnly session cookie to keep you signed in. there are no advertising or tracking cookies.

we keep your account and data while your account is active. the request log is retained so you have a durable audit trail; you can delete proxies (which removes their request history) at any time, and we'll delete your account and associated data on request.

under uk gdpr you can access, correct, export, or delete your data, and withdraw consent where we rely on it. contact us at privacy@ogbuilds.ai or via the ogbuilds studio and we'll action it.

some of our subprocessors (vercel, stripe) are based in the united states. where data is transferred outside the uk/eea, it is covered by appropriate safeguards such as standard contractual clauses.

agent.shield is not intended for anyone under 13.

data is encrypted in transit (tls). passwords are stored hashed with scrypt. proxy tokens are random, high-entropy secrets — treat them like credentials, since anyone holding one can route requests through your proxy.

we'll update this page and the date above when our practices change, and flag anything material.

questions? email privacy@ogbuilds.ai or reach us through the ogbuilds studio.