Privacy Policy
Last updated: March 15, 2026
1. Introduction
Zagenta (“we,” “us,” or “our”) operates an online marketplace for AI agent software products. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our website, services, and applications (collectively, the “Platform”).
By using the Platform, you agree to the collection and use of information in accordance with this Privacy Policy. This Privacy Policy is incorporated into and subject to our Terms of Service.
2. Information We Collect
2.1 Information You Provide
- Account information: Name, email address, username, profile picture, and account preferences when you create an account through our authentication provider.
- Seller information: Business name, address, tax identification information, payout bank details, and identity verification documents provided through Stripe during seller onboarding.
- Transaction information: Purchase history, payment method (processed by Stripe), billing address, and order details.
- Content: Product listings, descriptions, media uploads, reviews, ratings, comments, and messages sent through the Platform.
- Communications: Emails, support tickets, and contact form submissions you send to us.
2.2 Information Collected Automatically
- Device and browser information: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
- Usage data: Pages viewed, features used, search queries, click patterns, time spent on pages, and referring URLs.
- Cookies and similar technologies: See Section 9 (Cookies) for details.
2.3 Information from Third Parties
- Authentication provider: Basic profile information (name, email, profile picture) from our authentication service when you sign in.
- Payment processor: Transaction confirmation, payment status, and fraud signals from Stripe. We do not receive or store your full credit card number.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Platform and its features.
- Process transactions, payments, and refunds.
- Verify seller identity and comply with Know Your Customer (KYC) requirements.
- Communicate with you about your account, transactions, and support inquiries.
- Send transactional emails (purchase confirmations, seller notifications, security alerts).
- Display marketplace content: listings, reviews, seller profiles, and purchase history.
- Detect, prevent, and address fraud, abuse, and security issues.
- Enforce our Terms of Service and other policies.
- Improve and optimize the Platform through analytics and usage pattern analysis.
- Comply with legal obligations, including tax reporting and law enforcement requests.
We do not use your personal information for automated decision-making or profiling that produces legal effects concerning you.
4. Legal Basis for Processing
If you are in the European Economic Area (EEA), United Kingdom, or another jurisdiction that requires a legal basis for processing, we process your personal data under the following legal bases:
- Contract performance: Processing necessary to provide the Platform, process transactions, and manage your account.
- Legitimate interests: Fraud prevention, security, product improvement, and analytics — where these interests are not overridden by your data protection rights.
- Legal obligation: Tax reporting, KYC/AML compliance, and responding to legal requests.
- Consent: Marketing communications and non-essential cookies, which you can withdraw at any time.
5. Information Sharing
We do not sell your personal information. We share your information only in the following limited circumstances:
5.1 With Other Users
When you complete a transaction, the Seller sees your username and order details. Your full name, email, and payment details are not shared with Sellers. Buyers see the Seller’s public profile and listing information.
5.2 With Service Providers
We share information with trusted third-party service providers who perform services on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing, seller payouts, tax calculation | Transaction details, billing info, seller identity documents |
| Clerk | Authentication and user management | Email, name, profile picture, session data |
| Supabase | Database hosting and storage | Application data (encrypted at rest) |
| Vercel | Website hosting and content delivery | Access logs, IP addresses, request data |
| Resend | Transactional email delivery | Email address, name, email content |
| Upstash | Rate limiting and caching | Request metadata (IP, user ID hashes) |
| Sentry | Error tracking and performance monitoring | Error reports, device info (anonymized where possible) |
| Inngest | Background job processing | Event IDs, job metadata (no PII in event payloads) |
5.3 For Legal Reasons
We may disclose your information if required by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to:
- Comply with applicable laws or regulations.
- Protect the rights, property, or safety of Zagenta, our users, or the public.
- Detect, prevent, or address fraud, security, or technical issues.
- Enforce our Terms of Service.
5.4 Business Transfers
If Zagenta is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Platform before your information is transferred and becomes subject to a different privacy policy.
6. Data Security
We implement industry-standard security measures to protect your personal information, including:
- Encryption in transit (TLS/HTTPS) for all data transmitted to and from the Platform.
- Encryption at rest for stored data in our database.
- Access controls and role-based permissions for internal systems.
- Regular security reviews and dependency audits.
- Payment card data handled exclusively by Stripe (PCI DSS compliant) and never stored on our servers.
No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. If we become aware of a data breach that affects your personal information, we will notify you and relevant authorities in accordance with applicable law.
7. Data Retention
We retain your personal information for as long as necessary to provide the Platform, fulfill the purposes described in this Privacy Policy, and comply with legal obligations. Specific retention periods:
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion, plus 30 days for recovery |
| Transaction records | 7 years (tax and legal compliance) |
| Seller identity verification | Duration of seller status, plus 5 years (AML/KYC) |
| Support communications | 3 years after ticket resolution |
| Usage and analytics data | 24 months (aggregated and anonymized after 12 months) |
| Server logs | 90 days |
| Cookie data | See cookie-specific retention in Section 9 |
When you delete your account, we anonymize or delete your personal information within 30 days, except for data we are legally required to retain (transaction records, tax data, and dispute records).
8. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete personal information.
- Deletion: Request deletion of your personal information, subject to legal retention requirements.
- Data portability: Receive your personal information in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Restriction: Request restricted processing of your personal information.
- Withdraw consent: Withdraw consent for processing based on consent at any time, without affecting the lawfulness of prior processing.
8.1 CCPA Rights (California Residents)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information we collect, use, disclose, and sell.
- Right to request deletion of your personal information.
- Right to opt out of the sale of personal information (we do not sell personal data).
- Right to non-discrimination for exercising your CCPA rights.
8.2 Exercising Your Rights
To exercise any of these rights, contact us at privacy@zagenta.ai or through your account settings. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may ask you to verify your identity before processing your request.
9. Cookies and Tracking Technologies
We use cookies and similar technologies to operate the Platform, maintain your session, and analyze usage. Here is a summary of the cookies we use:
| Cookie Type | Purpose | Required |
|---|---|---|
| Authentication | Maintain your logged-in session and identity verification | Yes |
| Security | CSRF protection, bot detection, rate limiting | Yes |
| Preferences | Theme (light/dark mode), language, cookie consent state | No |
| Analytics | Anonymous usage statistics to improve the Platform | No |
You can manage your cookie preferences through our cookie consent banner or your browser settings. Disabling required cookies may prevent you from using certain features of the Platform. For more details, see our Cookie Policy.
10. International Data Transfers
Zagenta is based in the United States. If you access the Platform from outside the United States, your information may be transferred to, stored in, and processed in the United States or other countries where our service providers operate.
For transfers from the EEA or UK, we rely on Standard Contractual Clauses approved by the European Commission, or other lawful transfer mechanisms. Our service providers maintain appropriate safeguards for international data transfers.
11. Children's Privacy
The Platform is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will promptly delete that information. If you believe a child has provided us with personal information, please contact us at privacy@zagenta.ai.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. If we make material changes, we will notify you by email or through a prominent notice on the Platform at least 30 days before the changes take effect.
We encourage you to review this Privacy Policy periodically. The “Last updated” date at the top of this page indicates when this Privacy Policy was last revised.
13. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Privacy inquiries: privacy@zagenta.ai
- General contact: zagenta.ai/contact
- Data protection requests: privacy@zagenta.ai with subject line “Data Rights Request”
If you are in the EEA and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.