Privacy Policy

Last Updated: April 7, 2026

Effective Date: April 7, 2026

1. Introduction

Welcome to AgentKit. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect your information when you use our products and services.

AgentKit ("we," "us," or "our") operates the website https://agentkit.best and provides production-ready AI agent kits for developers.

1.1 Controller Information

For the purposes of data protection laws, AgentKit is the data controller responsible for your personal information.

1.2 Contact Information

For privacy questions or to exercise your rights:

• Email: support@agentkit.best
• Discord: https://discord.gg/x7SwTSf3wc
• Website: https://agentkit.best

2. Information We Collect

2.1 Information You Provide

Account & Purchase Information:

• Full name
• Email address
• GitHub username, only when needed for legacy repository migration or support
• Country/region (for tax purposes)

Payment Information:

• Credit card details (collected by Polar.sh)
• Bank transfer details (collected by Sepay for Vietnam payments)
• Billing address
• Transaction history

Communications:

• Support emails and messages
• Discord community interactions
• Survey responses and feedback

2.2 Automatically Collected Information

Usage Data:

• Pages visited on our website
• Time spent on pages
• Click behavior and navigation paths
• Referral sources
• Device information (browser type, OS, screen resolution)
• IP address
• Session duration

Analytics & Cookies:

• Google Analytics (GA4) tracking for site usage
• Umami Analytics for privacy-focused tracking
• Essential cookies for authentication and preferences
• No third-party advertising cookies

2.3 Information from Third Parties

OAuth Providers:

• GitHub account information (username, email) if you use GitHub OAuth

Payment Processors:

• Payment confirmation and transaction status from Polar.sh and Sepay

3. How We Use Your Information

We use your information to:

3.1 Provide Services

• Process and fulfill your orders
• Deliver license-key access and product download instructions
• Deliver email confirmations and receipts
• Provide customer support
• Manage your account and access

3.2 Improve Services

• Analyze website usage and user behavior
• Identify bugs and performance issues
• Develop new features and improvements
• Conduct research and analytics

3.3 Communicate

• Send order confirmations and updates
• Send license and product access updates
• Notify about legacy repository migration status, if applicable
• Send important service updates
• Respond to your inquiries and support requests

We do not send marketing emails unless you explicitly opt-in.

3.4 Comply with Legal Obligations

• Maintain transaction records for tax compliance
• Respond to legal requests and court orders
• Prevent fraud and abuse
• Protect our rights and property

4. Legal Basis for Processing (GDPR)

For users in the EU, EEA, and UK, we process your personal data based on:

4.1 Contractual Necessity

Processing necessary to provide our services, including order fulfillment, license-key access, and product downloads.

4.2 Consent

• Marketing communications (if opted in)
• Optional analytics and tracking
• Survey participation

4.3 Legitimate Interests

• Fraud prevention and security
• Website analytics and improvements
• Customer support and service quality

4.4 Legal Obligations

• Tax compliance and financial record-keeping
• Response to lawful requests
• Data breach notifications

5. How We Share Your Information

5.1 Service Providers (Processors)

We share your data with trusted third-party service providers who process data on our behalf:

GitHub (Microsoft Corporation)

• Purpose: Legacy repository migration and support when applicable
• Data Shared: GitHub username and repository invitations only for legacy migration/support cases
• Privacy Policy: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement

Polar.sh

• Purpose: Global payment processing (credit cards, PayPal)
• Data Shared: Name, email, payment details
• Privacy Policy: https://polar.sh/legal/privacy

Sepay (SePay JSC)

• Purpose: Vietnam bank transfer payments
• Data Shared: Name, email, bank transfer details
• Privacy Policy: https://sepay.vn/privacy.html

Resend

• Purpose: Transactional email delivery
• Data Shared: Name, email address, order details
• Privacy Policy: https://resend.com/legal/privacy-policy

Google Analytics (GA4)

• Purpose: Website analytics and usage tracking
• Data Shared: Anonymized usage data, device information
• Privacy Policy: https://policies.google.com/privacy
• Opt-out: https://tools.google.com/dlpage/gaoptout

Umami Analytics

• Purpose: Privacy-focused website analytics
• Data Shared: Anonymized usage data (no personal information)
• Note: No personal data collected or shared

Vercel

• Purpose: Website hosting and infrastructure
• Data Shared: Usage logs, performance metrics
• Privacy Policy: https://vercel.com/legal/privacy-policy

5.2 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the acquiring entity. You will be notified via email of any such change.

5.3 Legal Requirements

We may disclose your information to:

• Comply with legal obligations
• Respond to court orders and subpoenas
• Cooperate with law enforcement
• Protect our rights, property, and safety
• Prevent fraud or illegal activity

5.4 With Your Consent

We may share your information for purposes not listed here if you provide explicit consent.

We do not sell your personal data to third parties.

6. International Data Transfers

AgentKit is based in Vietnam. Your personal data may be transferred to and processed in:

• Vietnam (primary operations)
• United States (hosting, payment processing, email services)
• European Union (analytics, if using EU-hosted services)

6.1 Safeguards for International Transfers

For transfers outside the EU/EEA, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Service providers' data protection certifications

7. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

7.1 Retention Periods

Account Data:

• Active accounts: Indefinitely (while you have access)
• Deleted accounts: 30 days grace period for recovery

Order Records:

• 7 years from purchase date (tax and financial compliance)

Email Communications:

• 2 years from last communication

Support Tickets:

• 2 years from resolution

Website Analytics:

• 26 months (Google Analytics default)
• 12 months (Umami Analytics)

Payment Data:

• Processed and stored by payment processors (Polar.sh/Sepay)
• Not stored on AgentKit servers

7.2 Data Deletion

After retention periods expire, we securely delete or anonymize your data. You may request earlier deletion (see Section 8).

8. Your Rights & Choices

8.1 GDPR Rights (EU/EEA/UK Users)

If you are located in the EU, EEA, or UK, you have the following rights:

Right to Access - Request a copy of your personal data

Right to Rectification - Correct inaccurate or incomplete data

Right to Erasure ("Right to Be Forgotten") - Request deletion of your personal data

Right to Restrict Processing - Limit how we use your data

Right to Data Portability - Receive your data in a structured, machine-readable format

Right to Object - Object to processing based on legitimate interests

Right to Withdraw Consent - Withdraw consent at any time

Right to Lodge a Complaint - File a complaint with your local data protection authority

8.2 CCPA Rights (California Users)

If you are a California resident, you have the following rights under the CCPA:

Right to Know - What personal information we collect and how we use it

Right to Delete - Request deletion of your personal information

Right to Correct - Request correction of inaccurate personal information

Right to Opt-Out of Sales/Sharing - We do not sell or share your personal information for advertising

Right to Non-Discrimination - We will not discriminate against you for exercising your privacy rights

8.3 How to Exercise Your Rights

• Email: support@agentkit.best (Subject: "Privacy Rights Request")
• Response Time: Within 30 days (GDPR) or 45 days (CCPA)
• We may request verification of your identity

9. Data Security

9.1 Security Measures

• TLS 1.3 encryption for data in transit
• Encrypted database storage
• Limited employee access to personal data
• Role-based access permissions
• Secure hosting with Vercel
• PCI-DSS compliant payment processors

9.2 Data Breach Notification

In the event of a data breach, we will:

• Notify you without undue delay
• Inform relevant data protection authorities within 72 hours (GDPR requirement)
• Provide details about the breach and remediation steps

10. Cookies & Tracking Technologies

10.1 Types of Cookies We Use

Essential Cookies: Session management, authentication, security

Analytics Cookies: Google Analytics (GA4), Umami Analytics (privacy-focused)

We do not use: Advertising cookies, third-party tracking cookies for ads, social media tracking pixels

10.2 Cookie Management

• Configure cookie preferences in your browser settings
• Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout

11. Children's Privacy

AgentKit products are intended for users 18 years of age or older. We do not knowingly collect personal information from children under 18.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before the effective date with a prominent notice on our website.

13. Contact Us

General Inquiries:

• Email: support@agentkit.best
• Discord: https://discord.gg/x7SwTSf3wc

Privacy Rights Requests:

• Email: support@agentkit.best
• Subject: "Privacy Rights Request"

Mailing Address: AgentKit Ho Chi Minh City Vietnam

---

Thank you for trusting AgentKit with your data. We're committed to protecting your privacy and being transparent about our practices.