Privacy Policy

Last updated: April 22, 2026 · Release: us-atlanta-v1

1. Who we are

server2agent ("we") is operated by server2agent, Inc., incorporated in Delaware, United States. Contact: privacy@server2agent.com.

2. What we collect

  • Admin accounts — email, name, organization, OAuth provider id, session tokens (managed by Clerk).
  • Server metadata — hostname (as provided by you), tier, role, maintenance window, service names you list as critical.
  • Incident & audit logs — IP, user-agent, approvals, playbook invocations, command exit codes. PII is masked at source.
  • Billing — Stripe tokens and US tax-location fields. We never receive or store raw card or bank numbers.
  • Contacts you provide — emails and SMS numbers for alert recipients. You are responsible for obtaining their consent.

3. Why we collect it

To deliver the service, authenticate users, bill accurately, detect abuse, meet legal tax/audit obligations, and improve the product. We do not sell personal information.

4. How long we keep it

  • Active admin account data — until you terminate, then purged within 30 days.
  • Audit logs — 3 years (SOC 2 requirement), then reduced to summaries.
  • Billing/tax records — 5+ years (US IRS requirement).
  • Incident summaries (post-processed) — up to 1 year.

5. Sub-processors

Third parties that process your data on our behalf are listed at /subprocessors. We give 30 days' notice before adding a new one.

6. International transfers

This release (us-atlanta-v1) keeps all operational data in the United States. LLM requests are processed by Anthropic in the United States.

7. Your rights

You can access, correct, export, or delete your data by emailing privacy@server2agent.com. We respond within 30 days. Under state laws (e.g., CCPA/CPRA), you may appoint an authorized agent.

8. Automated decisions

Our AI proposes actions, but no destructive change runs without a human approval. You can review every tool call and command in your audit log.

9. Security

TLS 1.3 in transit, AES-256 at rest, mTLS on agent channels, append-only hash-chained audit log. SOC 2 Type I audit in progress. Details in our Security Whitepaper (NDA).

10. Incident notification

If we detect unauthorized access to personal data, we notify affected customers within 72 hours and, where required, regulators.

11. Changes to this policy

Material changes are announced 30 days in advance. Archived versions available on request.

12. Contact

Privacy / DPO: privacy@server2agent.com
Security: security@server2agent.com
Mailing address: server2agent, Inc., 229 Peachtree St NE, Atlanta, GA 30303, USA