Privacy Policy

Last updated: April 4, 2026

Introduction

Agent Approve LLC (“we”, “our”, or “us”) is a California limited liability company that provides a governance layer for AI coding agents. This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

Information We Collect

Account Information

When you create an account, we collect your email address and authentication credentials (via Sign in with Apple). We do not collect your name unless you voluntarily provide it.

Data We Store

When you use Agent Approve, we store the following data, subject to your privacy tier and retention settings:

  • Cleartext metadata (always stored): Tool names, event types, agent names and types, conversation identifiers, timestamps, approval decisions, and decision method (manual, allowlist, or denylist).
  • Command content (stored per your privacy tier): Depending on your privacy tier setting, command content may be stored in full, truncated, or not at all. See “Privacy Tiers” below.
  • Security and audit logs: IP addresses, rate limit events, configuration changes, and hook installation events.
  • Usage statistics: Aggregate counts of approvals, denials, and auto-decisions; response times; device information (iOS version, device type).

Data We Process Transiently

When server-side policy evaluation is enabled (approval mode), our server transiently decrypts command content in memory to evaluate it against your allowlist and denylist rules. This content is used solely for policy matching and is discarded immediately after evaluation. It is never written to our database or logs.

Information We Do Not Collect

We do not collect file contents from your machine, source code, environment variables or secrets (unless they appear in a command you submit), browsing history, or location data.

How We Use Your Information

We use collected information to provide and operate the Service, relay approval requests between your development machine and iOS device, evaluate commands against your configured policies, improve features and performance, detect and prevent security threats, enforce usage limits, and send service-related notifications.

Data Security

Agent Approve provides multiple layers of encryption to protect your data:

  • Transport encryption: All data is encrypted in transit using HTTPS (TLS).
  • Encryption at rest: Data stored in our database is encrypted using organization-scoped keys managed by our hosting infrastructure. These keys are unique to each organization.
  • End-to-end encryption (optional): When you enable end-to-end encryption (E2E), your command content is encrypted on your development machine before it reaches our servers. We do not have access to your E2E encryption keys and cannot read this content. E2E keys are transferred between your devices via QR code pairing or Apple iCloud Keychain sync—they never pass through our servers.

When end-to-end encryption is not enabled, command content stored in our database is encrypted at rest using organization-scoped keys managed by our infrastructure. While we implement commercially reasonable technical and organizational measures to protect personal data, no method of electronic storage is 100% secure.

When end-to-end encryption is enabled, certain metadata remains unencrypted because it is required for routing, policy evaluation, and system operation. This includes: tool names, event types, agent names, conversation identifiers, timestamps, approval decisions, and status fields. This is comparable to how encrypted messaging services protect message content while metadata remains visible for delivery.

Privacy Tiers

Agent Approve offers three privacy tiers that control what command content is stored in your event logs:

  • Minimal: Only tool names are logged. No command content or parameters are stored.
  • Summary: Command content is truncated in logs (first 50 characters).
  • Full: Complete command content is stored in your event history.

When end-to-end encryption is enabled, privacy tier filtering happens before encryption on your machine, so our server never sees more content than your configured tier allows, even transiently.

Regardless of your privacy tier, the iOS app always receives full command content so you can make informed approval decisions. The privacy tier only controls what is retained in your event history after the approval decision is made.

Key Rotation and Forward Secrecy

If you enable end-to-end encryption, you may also configure automatic key rotation with configurable periods (hourly, daily, weekly, or monthly). Key rotation provides forward secrecy: if a current key is compromised, past communications encrypted with earlier keys remain protected. You control the key retention policy, including how many past keys are kept and whether old keys are discarded.

Data Retention

You control how long your event data is retained, from as little as 1 day to as long as 1 year. When the retention period expires, data is automatically and permanently deleted. Retention cleanup runs daily.

If you delete your account from the iOS app settings, we delete your live Agent Approve account data. We may retain a limited set of security, billing, and audit records after deletion for up to 24 months, including hashed account identifiers and security event logs, when needed to prevent abuse, investigate misuse, comply with law, or resolve billing disputes.

Data Sharing and Sub-Processors

We do not sell your personal data. We use a limited number of third-party service providers (“sub-processors”) to operate the Service, including providers for database hosting, authentication, real-time messaging, application hosting, push notifications, payment processing, error monitoring, and usage metering. These parties process data only as necessary to perform services on our behalf and are required to protect your data consistent with this Privacy Policy.

No sub-processor receives decrypted command content when end-to-end encryption is enabled. Error monitoring services receive only error metadata and diagnostics, not command content. Usage metering services receive only aggregate counts, not content.

For security reasons, we do not publish our complete sub-processor list publicly. You may request our current sub-processor list at any time by contacting us at hello@agentapprove.com. We will notify active users via email or in-app notification before adding any new sub-processor that materially changes our data processing practices.

We may also disclose data if required by law, court order, or government request, or in connection with a merger, acquisition, or sale of assets. If you have enabled end-to-end encryption, we cannot produce plaintext command content in response to legal requests because we do not have access to your encryption keys.

Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users in accordance with California law (Cal. Civ. Code § 1798.82) and any other applicable laws, without unreasonable delay. Notification will be provided via email or in-app notification and will include the nature of the breach and recommended protective steps.

Your Rights

You may:

  • Request access to or export of your data at any time by contacting us. Data exports will be provided in JSON format within 30 days of your request.
  • Delete your account from the iOS app settings.
  • Update your privacy tier, data retention period, and encryption settings at any time from the iOS app.
  • Revoke consent for data collection by deleting your account or disabling specific features within the app settings.
  • Request our current sub-processor list by contacting us.

Deleting your Agent Approve account does not cancel any App Store subscription. Apple manages subscriptions separately through your Apple account settings.

Children's Privacy

Our Service is not intended for users under 16 years of age. We do not knowingly collect information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly.

International Users

Agent Approve is operated from the United States. If you are located outside the United States, your data will be transferred to and processed in the United States. By using Agent Approve, you consent to this transfer and processing. We comply with applicable privacy laws in the jurisdictions where the Service is made available.

The Service may not be available in all countries or regions. We may restrict availability in certain jurisdictions for regulatory compliance reasons, including encryption export regulations.

California Privacy Rights (CCPA)

California residents have the right to know what personal information is collected, request deletion, opt out of the sale of personal information (we do not sell data), and exercise these rights without discrimination. To exercise these rights, contact us at hello@agentapprove.com.

Push Notifications

When end-to-end encryption is enabled, push notifications use generic text (for example, “Approval request from Cursor”) and do not include command details. The actual command content is only visible after the iOS app decrypts the message on your device.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification at least 14 days before they take effect. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

Contact Us

For privacy-related questions, email us at hello@agentapprove.com.