Privacy Policy

1. Overview

AutoNomiq ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI agent code generation platform.

2. Information We Collect

2.1 Information You Provide

• Account Information: When you register, we collect your name, email address, and authentication credentials (via Clerk).
• Configuration Data: The agent configurations, role definitions, tool selections, and infrastructure preferences you input to generate code.
• Payment Information: Billing information processed by our payment provider (Paddle). We do not store payment card details.
• Communications: Any correspondence you send to us, including support requests.

2.2 Information We Collect Automatically

• Usage Data: Generation history, feature usage patterns, and session duration.
• Device Information: Browser type, operating system, and device identifiers.
• Log Data: IP address, access times, and pages viewed.

2.3 Information from Third Parties

We receive authentication data from Clerk (our auth provider) and payment confirmation from Paddle (our payment processor).

3. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: To generate AI agent code and CDK stacks based on your configurations.
• Account Management: To create and maintain your account, process payments, and track credit usage.
• Communications: To send account-related emails, respond to inquiries, and provide customer support.
• Improvement:To analyze usage patterns and improve our Service's functionality and user experience.
• Security: To detect and prevent fraud, abuse, and unauthorized access.

4. How We Share Your Information

We do not sell your personal information. We share data only in these circumstances:

• Service Providers: With trusted vendors who help us operate the Service (authentication via Clerk, payments via Paddle, cloud hosting via AWS, AI models via OpenRouter).
• Legal Requirements: When required by law or to protect our rights, safety, or property.
• Business Transfers: In connection with a merger, acquisition, or sale of assets (your data would be transferred as part of that transaction).

5. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Access controls and role-based permissions
• Regular security audits and vulnerability assessments
• Employee training on data protection

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Cookies and Tracking Technologies

We use cookies and similar technologies:

• Essential Cookies: Required for authentication and session management.
• Analytics Cookies: To understand how users interact with our Service (we use aggregated, anonymized data).

You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality.

7. Data Retention

We retain your data as follows:

• Account Data: Retained while your account is active and for 30 days after deletion.
• Generated Code: We do not store your generated code after download. Temporary generation files are deleted within 24 hours.
• Usage Logs: Retained for 12 months for security and analytics purposes.
• Financial Records: Retained for 7 years as required by tax and accounting regulations.

8. Your Rights

Under applicable data protection laws, you have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate data.
• Deletion:Request deletion of your personal data ("right to be forgotten").
• Portability: Request your data in a machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdrawal of Consent: Withdraw consent at any time (where processing is based on consent).

To exercise these rights, contact us at privacy@autonomiq.dev. We will respond within 30 days.

9. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact us immediately, and we will delete it.

10. International Data Transfers

Your data may be processed in the United States where our servers are located. We ensure appropriate safeguards for international transfers, including Standard Contractual Clauses approved by the European Commission.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact us at:

privacy@autonomiq.dev