Privacy Policy

Last updated: March 30, 2026

Datafense is privacy-preserving middleware between AI agents and your personal data. We built this because we believe you should control what AI can see. This policy explains what we collect and how we handle it.

What we collect

Your email address — collected when you sign up through Clerk, our authentication provider. We use it to identify your account.

Gmail OAuth tokens — when you connect your Gmail, Google gives us an access token (not your password). We encrypt this token and store it in Databunker, a dedicated encrypted vault. Our main database never holds your credentials — only a reference ID pointing to the vault.

Audit logs — we log every request an AI agent makes: what it asked for, whether it was allowed, and what data was returned. These logs exist so you can see exactly what your agents are doing.

What we don't do

We don't sell your data. To anyone. Ever.
We don't share your data with third parties.
We don't use your data to train AI models.
We don't read your emails. Your agent gets filtered access based on rules you set — we just pass the data through.

How we protect your data

OAuth tokens are encrypted in Databunker, which runs in an isolated network — it's not accessible from the internet.
Agent API keys are hashed with SHA-256 before storage. We can't read them.
All connections use TLS encryption.
AI agents never see your credentials. They only receive the data your permission rules allow, filtered through our content filters.

Third-party services

We use these services to run Datafense:

Clerk — handles sign-up and sign-in. Their privacy policy.
Google — we use Google OAuth to connect your Gmail. We request read-only access. Google's privacy policy.
Railway — hosts our servers. Their privacy policy.

Deleting your data

You can disconnect any account from your dashboard at any time — this immediately deletes the OAuth token from our vault and revokes access.

To delete your entire account and all associated data (credentials, agents, permissions, audit logs), email us at support@datafense.ai. We'll delete everything.

Your rights

Depending on where you live, you may have additional rights under laws like the GDPR (EU) or CCPA (California). These include:

Access — request a copy of the personal data we hold about you.
Correction — ask us to correct inaccurate data.
Deletion — ask us to delete your data (see "Deleting your data" above).
Portability — request your data in a machine-readable format.
Objection — object to certain processing of your data.

To exercise any of these rights, email support@datafense.ai. We'll respond within 30 days.

Data retention

We keep your data only as long as your account is active. When you delete your account, we delete everything — credentials, agents, permissions, and audit logs. We don't keep backups of deleted data beyond a 30-day rolling window for disaster recovery.

Legal basis for processing (GDPR)

If you're in the EU, our legal bases for processing your data are:

Contract — processing your email address and OAuth tokens is necessary to provide the service you signed up for.
Legitimate interest — audit logging to ensure security and prevent abuse.

Children

Datafense is not for children under 13 (or under 16 in the EU). If you believe a child has created an account, contact us and we'll delete it.

Changes

If we change this policy, we'll update the date at the top and notify you by email for any significant changes.

Contact

Questions? Email support@datafense.ai