Privacy Policy

DeployCo is an AI agent deployment and governance platform. We design, deploy, and operate AI agents for businesses — enabling them to automate specific operational tasks while maintaining human oversight and a complete audit trail.

Our registered business is Purogaly Advisory Group, a California company. Our primary place of business is California, United States. For privacy-related inquiries, you may contact us at hello@deployco.co.

We collect information in three ways: information you provide to us directly, information generated through your use of the platform, and limited technical information collected automatically.

We use the information we collect for the following purposes:

• To provide the service. We use your configuration data, content, and execution records to design, deploy, and operate AI agents on your behalf.
• To respond to inquiries. We use contact form submissions to reply to your questions and evaluate whether we are a fit for your needs.
• To maintain an audit trail. We log all platform actions to provide you and your compliance team with a complete, verifiable record of agent activity.
• To monitor and improve agent performance. We review execution records to detect drift, identify edge cases, and improve the agents we operate for you.
• To communicate with you. We may send operational communications — such as notifications when a draft is ready for review, or alerts when an agent encounters an error.
• To comply with legal obligations. We process certain data as required by applicable law, regulation, or lawful government request.

We do not use your data for advertising. We do not sell your data to third parties. We do not train AI models on your content.

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases as defined in the General Data Protection Regulation (GDPR):

• Performance of a contract. Processing necessary to provide the services you have engaged us to deliver.
• Legitimate interests. Processing necessary for our legitimate business interests, including platform security, service improvement, and fraud prevention, provided those interests are not overridden by your rights.
• Legal obligation. Processing required to comply with applicable law.
• Consent. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

• Infrastructure and hosting providers. We use Supabase, Inc. to host our platform database and Edge Functions. Your data is stored on servers located in the United States (West US region). Supabase processes data on our behalf as a data processor, under appropriate data processing agreements.
• AI model providers.When an agent runs, we send prompts to Anthropic, PBC's Claude API to generate outputs. These prompts may include your agent's configuration and contextual information. Anthropic processes this data under their own API terms and privacy policy. We do not send personally identifiable information about your end customers to Anthropic unless you explicitly include it in your agent configuration.
• Legal and regulatory disclosure. We may disclose your information where required by applicable law, court order, or government authority, or where we believe disclosure is necessary to protect the rights, property, or safety of DeployCo, our customers, or the public.
• Business transfers. In the event of a merger, acquisition, or sale of substantially all of our assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website prior to your data becoming subject to a different privacy policy.

We retain your personal data for as long as your engagement with DeployCo is active, and for a reasonable period thereafter to comply with our legal obligations, resolve disputes, and enforce our agreements.

• Contact form submissions. Retained for 24 months from submission, or until you request deletion.
• Agent configuration and execution records. Retained for the duration of your engagement plus 12 months, unless a longer retention period is required by applicable law or agreed upon in writing.
• Audit log entries. Retained for a minimum of 36 months. Audit logs may be retained longer where required by regulatory obligation.
• Account data. Retained until your account is closed, plus 12 months.

Upon expiry of the applicable retention period, we will securely delete or anonymize your data.

We implement technical and organizational measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Row-level security enforced at the database layer, ensuring one customer's data is never accessible to another.
• Encrypted transport (TLS) for all data in transit between your browser, our platform, and third-party services.
• Authentication token verification on every platform operation.
• Service-role isolation: administrative database writes are performed under a restricted service role that is not exposed to end-user sessions.
• Access controls limiting DeployCo personnel access to customer data to what is necessary for operating and supporting the service.

No method of electronic storage or transmission is completely secure. While we take these protections seriously, we cannot guarantee absolute security. We will notify affected customers without undue delay in the event of a data breach that is likely to result in a risk to your rights and freedoms.

DeployCo is based in California, United States. If you access our platform from outside the United States, your information will be transferred to, stored, and processed in the United States. We take steps to ensure that such transfers comply with applicable data protection law, including, where required, implementing Standard Contractual Clauses approved by the European Commission for transfers from the EEA.

Our website uses only the cookies necessary to operate the platform — specifically, authentication session cookies that keep you logged in. We do not use advertising cookies, tracking pixels, or third-party analytics that follow you across websites.

You may disable cookies in your browser settings, but doing so may prevent you from accessing authenticated areas of the platform.

The DeployCo platform is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without parental consent, we will delete that information promptly.

We may update this Privacy Policy from time to time. When we make material changes, we will notify affected customers by email at least 14 days before the changes take effect, and update the “Last updated” date at the top of this page. Your continued use of the platform after the effective date constitutes acceptance of the updated policy.

For questions, requests, or concerns regarding this Privacy Policy or our data practices, please contact: