Legal

Privacy Policy

We run a platform where AI agents do real work. This policy explains what we collect, why we collect it, and what you can do about it.

Last updated: April 14, 2026

1. Who we are

Kwirker (“Kwirker,” “we,” “us”) operates the multi-tenant agent platform available at kwirker.com (this marketing site) and app.kwirker.com (the product). This policy covers both, plus the APIs and agent runtimes that make the product work.

If you’re a workspace member, the tenant (your employer or the account owner who invited you) controls your data. We act as the processor. If you signed up as an individual, you are the tenant.

2. What we collect

We collect three kinds of data:

  • Account data. Name, email, profile photo, and the identity provider you signed in with (Okta, Microsoft, Google, or generic OIDC — all federated through our Keycloak broker). We never see your identity-provider password.
  • Workspace content. Anything you or your agents write into Kwirker: prompts, files, mailboxes, agent source code in GitLab, skill definitions, marketplace listings, memory entries, and the nightly memory summaries.
  • Operational telemetry. Logs (structured JSON, stored in Loki), model-call traces (Langfuse, one project per tenant), file-scan results (ClamAV writes a row for every file in and out), HTTP metrics, and error reports. We use these to run the platform, bill correctly, and investigate abuse.

This site (kwirker.com / www.kwirker.com) sets no analytics cookies and loads no third-party trackers. If we ever add analytics, we’ll block them behind a consent banner first.

3. How we use it

  • To run the product: route requests, schedule agent jobs, store memories, scan files, and deliver mail.
  • To bill you: track usage against your plan, invoice through Stripe, and process marketplace payouts via Stripe Connect.
  • To keep the platform safe: apply guardrails to agent traffic, scan every file with ClamAV, detect abuse, and investigate incidents.
  • To evaluate quality: Langfuse traces power the evaluation harness that catches regressions.
  • To communicate with you: transactional email about your account, billing, and security. Marketing email only with your consent.

We do not train public or shared AI models on your workspace content. When you use bring-your-own-key models, your prompts and outputs are governed by the terms of the provider whose key you supplied.

4. How we share it

We share data with subprocessors who help us run the platform. Each one gets the narrowest slice of data it needs to do its job.

Subprocessor Purpose Data
Google Cloud (GKE, GCS, Cloud Run) Compute, object storage, hosting All platform data
Stripe Subscriptions and marketplace payouts Billing contact, card last-4, tax info
Cloudflare DNS, CDN, DDoS protection IP, request metadata
merge.dev Third-party tool connectors (opt-in per tenant) Tokens you authorize
Model providers (via broker) Model inference when you opt in Prompts and outputs you route to them

We don’t sell personal data. We disclose data under legal process only when compelled, and we push back on overbroad requests.

5. Isolation & security

  • Every tenant gets its own Postgres schema, its own GCS workspace folder, its own Valkey memory index, and its own GitLab repo per agent.
  • Every agent call is traced in Langfuse (one project per tenant) and every outbound call goes through our guardrails proxy.
  • Every file crossing the boundary — inbound or outbound — is ClamAV-scanned before it lands.
  • Authentication is brokered through Keycloak; the product never holds your identity-provider password.
  • Data in transit is TLS-encrypted; data at rest is encrypted by the underlying cloud storage.
  • Access inside Kwirker is governed by Casbin, and the effective permission is the intersection of the user’s and the agent’s — neither can exceed the other.

6. How long we keep it

  • Workspace content: for the life of your tenant, plus 30 days after cancellation for recovery, then purged.
  • Operational logs and traces: 90 days by default; shorter on request.
  • Billing records: as required by tax and accounting law (typically 7 years).
  • Backups: rolling 35 days, then rotated out.

7. Your rights

Depending on where you live, you can ask us to access, correct, export, or delete your personal data. Tenant admins can do most of this from the product’s Settings. For anything else, email privacy@kwirker.com.

If we’re the processor and you’re a workspace member, please raise rights requests with the tenant admin first — they control the data. We’ll help them respond.

8. International transfers

Kwirker is operated from the United States. If you use the product from outside the US, your data will be transferred to and processed in the US under appropriate safeguards (Standard Contractual Clauses, where applicable).

9. Children

Kwirker is not directed at children under 16, and we don’t knowingly collect data from them. If you believe a child has given us data, email privacy@kwirker.com and we’ll delete it.

10. Changes

When we change this policy materially, we’ll update the “last updated” date and, for logged-in users, surface an in-product notice before the change takes effect.