Agents·Starv2
Login

Privacy Policy

Last updated: 2026-06-20 · English is the controlling version.

AGENTS-STAR ("AGENTS-STAR", "we", "us"), operated by TreasureFleet AI, Inc. (a Delaware C Corporation), provides an AI agent platform for e-commerce sellers. This Policy explains what we collect, how we use it, and the rights you have. Questions? Contact lynnzhang000000@gmail.com or Support.

1. Information we collect

  • Account data: email, display name, login timestamps, and source IP (used only for anti-abuse and session management).
  • Your API keys: third-party LLM keys you enter under Settings (Anthropic / OpenAI / Gemini, etc.), stored encrypted with AES-256-GCM.
  • Content & materials: your conversations with agents, uploaded attachments, generated images/videos, and RAG knowledge-base documents — kept so you can review them later.
  • Usage metadata: per-call input/output token counts, latency, and error types, used to show you cost and to troubleshoot.
  • Payment data: if you subscribe, billing is processed by Stripe. We do not store your full card number; Stripe handles card data under its own PCI-compliant policy.
  • Consumer inputs (only 6 agents): review-analysis / customer-service / persona agents may receive inputs containing PII (phone, email, ID, address). Such PII is auto-redacted to [PHONE]/[EMAIL]/[ID]/[ADDRESS] before reaching any LLM; related logs are purged after 7 days.

2. How we use your information

To provide and operate the service, authenticate you, run the agent tasks you trigger, show you usage/cost, prevent abuse, process payments, and send service notices.

3. What we do NOT do

  • We do not use your data to train any model.
  • We do not sell or "share" (as defined under CCPA/CPRA for cross-context behavioral advertising) your personal information.
  • We do not disclose your conversations or keys to third parties — except the third-party APIs you yourself invoke.
  • We do not collect raw consumer PII; even if you upload a CSV with PII, the LLM only sees the redacted version.

4. Service providers (sub-processors)

We rely on: Anthropic, OpenAI, Google (model APIs you invoke); Stripe (payments); Resend & Cloudflare (email/DNS/CDN); Vultr (hosting); and privacy-respecting product analytics (e.g., PostHog) with no advertising trackers. Each processes data only to perform its function.

5. Data location, transfers & retention

Data is stored on a single VPS in Vultr's Tokyo region (SQLite + local file system), transmitted over HTTPS at all times, with encrypted daily backups retained 14 days. If you access from the US or EU, your data is processed internationally; by using the service you consent to this transfer, and we apply appropriate safeguards where required.

Merchant-side data (products/copy/campaigns) is purged after 30 days; consumer-side data (reviews/support context) after 7 days. On trial end or your request, we erase all your data within 7 business days — email lynnzhang000000@gmail.com or use Support.

6. Security

API keys are encrypted at rest (AES-256-GCM); all traffic is HTTPS; sessions use a single JWT cookie. No method is 100% secure, but we apply reasonable safeguards.

7. Your privacy rights

California residents (CCPA/CPRA) have the right to know, access, delete, and correct personal information; to opt out of sale/sharing (note: we do not sell or share); to limit use of sensitive personal information; and to non-discrimination for exercising these rights. You may use an authorized agent.

EU/UK residents (GDPR) have the rights of access, rectification, erasure, restriction, portability, and objection, and may lodge a complaint with a supervisory authority. Our legal bases are contract performance, legitimate interests (security, troubleshooting), and consent where applicable.

You can export or permanently delete your account and all associated data yourself at any time under Settings → Account (deletion has a 7-day grace period and can be canceled). To exercise any other right, email lynnzhang000000@gmail.com or use Support. We verify requests before acting and respond within the timeframe required by law.

8. Data Processing Agreement (DPA)

If you use the service on behalf of a company and need a formal DPA (bilingual, 1 page), request it via Support. We will sign a version compliant with your region (PIPL / GDPR / CCPA).

9. Cookies

We use one session cookie to hold your JWT for login. No advertising or cross-site tracking cookies.

10. Children

The service is not directed to and may not be used by anyone under 18. We do not knowingly collect data from children.

11. Changes

We may update this Policy; material changes will be notified to your registered email. Continued use after the effective date means acceptance.

12. Contact

TreasureFleet AI, Inc. · 2810 N Church St, STE 88938, Wilmington, DE 19802, USA · lynnzhang000000@gmail.com · Support

隐私说明(中文摘要)

本中文版为便利提供;如与英文版冲突,以英文版为准。

  • 收集:账号信息(邮箱、显示名、登录时间、IP)、你填的第三方 API Key(AES-256-GCM 加密)、对话与素材、用量元数据、订阅支付(经 Stripe)、消费者 PII(进 LLM 前自动脱敏,日志 7 天清除)。
  • 不做:不训练模型、不出售/共享你的个人信息、不向你未授权的第三方泄露、不收集原始消费者 PII。
  • 存储与保留:数据在 Vultr 东京机房单台 VPS,全程 HTTPS,加密备份留 14 天;商家数据留 30 天、消费者数据留 7 天;注销或申请后 7 个工作日内彻底删除。
  • 你的权利:可在 设置 → 账号 **自助导出或删除你的全部数据**(删除有 7 天宽限可撤销);加州/欧盟用户分别享 CCPA/CPRA 与 GDPR 权利。其他诉求联系 lynnzhang000000@gmail.com联系支持
  • Cookie:仅一个会话 Cookie 存 JWT,无广告追踪。