Privacy Policy
AgentYield is a service of WonderWorks Group, LLC ("Company," "we," "us," or "our"), a Wyoming limited liability company.
Effective Date: April 14, 2026 | Last Updated: April 14, 2026
This Privacy Policy explains how WonderWorks Group, LLC collects, uses, stores, and shares information when you use AgentYield, accessible at agentyield.co (the "Service"). By using the Service, you agree to the practices described in this policy.
1. Information We Collect
1.1 Information You Provide Directly
- Account information: When you create an account, we collect your email address and password (stored as a hashed credential via Supabase Auth). If you sign in via Google SSO, we receive your name and email address from Google.
- Payment information: When you subscribe to a paid plan, payment is processed by our third-party payment processor. We do not store your full credit card number, CVV, or bank account details. We retain only a payment method token and the last four digits of your card for display purposes.
- Log files you upload: When you upload agent log files for analysis, we receive and process the contents of those files. See Section 3 for details on how we handle this data.
- Communications: If you contact us for support or send feedback, we retain those communications.
1.2 Information Collected Automatically
- Usage data: We collect information about how you interact with the Service, including pages visited, features used, upload frequency, and actions taken within the application.
- Device and browser information: We collect your IP address, browser type, operating system, and referring URLs when you access the Service.
- Cookies and similar technologies: We use cookies and similar tracking technologies to maintain your session, remember preferences, and understand usage patterns. See Section 7 for more detail.
1.3 Information from the SDK
If you use the @agentyield/sdk in your agents, the SDK transmits run event data to our API on your behalf. This includes token counts, model identifiers, tool call hashes, cost figures, and timestamps. Raw tool inputs are hashed locally by the SDK before transmission — we receive hashes, not raw inputs.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Analyze uploaded log files and generate waste findings and recommendations
- Process payments and manage your subscription
- Send transactional emails (account confirmation, password reset, billing receipts)
- Send product updates and feature announcements (you may opt out at any time)
- Respond to support requests and communications
- Detect and prevent fraud, abuse, and security incidents
- Improve the Service through anonymized, aggregated usage analysis
- Comply with legal obligations
We do not use your log file contents or run data to train AI models for sale or licensing to third parties.
3. Log Files and Agent Run Data
Log files you upload are the core input to the Service. We treat this data with particular care.
Processing: Uploaded log files are parsed and analyzed to produce waste findings and recommendations. This analysis is performed using the Anthropic Claude API; structured summaries (not raw log contents) are sent to Anthropic for this purpose. See Section 5 for information on sub-processors.
Storage: Raw log files are stored in Supabase Storage and automatically deleted after 90 days. Derived records — including run summaries, waste findings, and recommendations — are retained in accordance with your plan tier and remain available in your account until you delete them or close your account.
Sensitive data: You should not upload log files containing passwords, API credentials, payment card data, government-issued identification numbers, protected health information, or other sensitive personal data. If you inadvertently upload such data, contact us at [email protected] and we will delete the file promptly.
Unauthenticated analysis: If you use the "Analyze a run free" feature without signing in, your log file is processed in-session and is not persistently stored after the session ends unless you create an account and save the results.
4. How We Share Your Information
We do not sell your personal information. We share information only in the following circumstances:
Service providers (sub-processors): We share data with third-party vendors who help us operate the Service. These vendors are contractually obligated to protect your data and may only use it to provide services to us. See Section 5 for our current sub-processor list.
Business transfers: If WonderWorks Group, LLC is involved in a merger, acquisition, asset sale, or similar transaction, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Service before your information is transferred and becomes subject to a different privacy policy.
Legal compliance: We may disclose information if required by law, subpoena, court order, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
With your consent: We may share information for any other purpose with your explicit consent.
5. Sub-Processors
We currently use the following third-party sub-processors:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, and file storage | Account data, run records, raw log files |
| Anthropic | AI analysis of agent runs | Structured log summaries (not raw files) |
| Stripe | Payment processing | Payment method data, billing details |
| Vercel / hosting provider | Web application hosting | Request logs, IP addresses |
We will update this list when we add or replace sub-processors and will provide notice as required by applicable law.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Raw log files | 90 days from upload, then automatically deleted |
| Run summaries and waste findings | Duration of account, or per plan tier |
| Account information | Until account deletion |
| Payment records | As required by law (typically 7 years) |
| Support communications | 3 years |
| Anonymized usage analytics | Indefinitely |
When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it by law.
7. Cookies
Strictly necessary cookies: Required for the Service to function, including session authentication. These cannot be disabled.
Analytics cookies: Help us understand how users interact with the Service. We use these to improve features and identify issues.
Preference cookies: Remember your settings and preferences across sessions.
You can control non-essential cookies through your browser settings. Disabling cookies may affect the functionality of the Service.
8. Security
We implement industry-standard security measures to protect your information, including:
- Encryption in transit (TLS) for all data transmitted to and from the Service
- Encryption at rest for stored data via Supabase
- Hashed storage of passwords and API keys (plaintext is never stored)
- API key access controls and revocation capabilities
No method of transmission or storage is 100% secure. We cannot guarantee absolute security, and we encourage you to use strong, unique passwords and keep your API keys confidential.
If you believe your account or data has been compromised, contact us immediately at [email protected].
9. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will delete it promptly. If you believe we may have collected such information, please contact us at [email protected].
10. Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request that we correct inaccurate or incomplete information.
- Deletion: Request deletion of your personal information, subject to legal retention requirements.
- Portability: Request your data in a structured, machine-readable format.
- Opt-out of marketing: Unsubscribe from marketing emails at any time using the link in any such email or by contacting us.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.
11. California Residents
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete it, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at [email protected].
12. International Users
The Service is operated from the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We take steps to ensure that appropriate safeguards are in place for such transfers where required by applicable law.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date of the updated policy constitutes your acceptance of the changes.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
WonderWorks Group, LLC
(AgentYield)
[email protected]
agentyield.co
© 2026 WonderWorks Group, LLC. All rights reserved.