AgentFendAgentFend
HomeScannerLibraryContact
Retour a l'accueil

AgentFend Legal

Privacy Policy

Traitement des donnees personnelles, fonctionnement des analyses, stockage des contenus et informations RGPD applicables a AgentFend.

Last Updated: March 23, 2026
Data Controller: Hugo Damion, residing in Orléans (45000), France.
Privacy Contact:

1. Purpose

The purpose of this Privacy Policy is to inform users of the AgentFend service about how their personal data is collected, used, stored, and protected.

AgentFend is primarily designed for developers, AI users, product teams, and startups wishing to analyze AI Skills, prompts, scripts, and associated technical content before installation or execution.

2. Identity of the Data Controller

For any questions regarding the protection of your personal data or to exercise your rights, you may contact us at: or .

3. Data Categories

Depending on your use of AgentFend, we may process the following categories of data:

  • Identification Data: Email address, username, organization name, account ID.
  • Connection and Usage Data: IP address, technical logs, connection timestamps, browser type, operating system, technical identifiers, security events.
  • Analysis-Related Data: Repository URLs, filenames, skill names, analysis metadata (duration, score, findings, recommendations).
  • Submitted Content: Prompts, scripts, files, or snippets uploaded to the service for technical analysis.
  • Correspondence Data: Messages sent to support and email responses.

4. Specific Processing for Scripts and Submitted Content

4.1 General Principle

AgentFend analyzes technical content to produce a security report. We apply a strict data minimization principle.

4.2 Storage and Deletion

  • Analysis Metadata: Scores and risk findings are stored to provide your scan history.
  • Raw Submitted Code (Ephemeral Analysis): By default, the full content of scripts and files submitted for analysis is processed temporarily. This raw content is automatically deleted from our active storage within 30 days, unless the user explicitly requests to save it in a private or public library.
  • Secrets Handling: Our engine identifies secrets (API keys, tokens). These secrets are never stored in plain text. Only the fact that a secret was detected is recorded in the report.

5. Purposes and Legal Bases

PurposeLegal Basis
Providing the scan service and account managementPerformance of a contract (ToS)
Ensuring infrastructure security and preventing abuseLegitimate interest
Improving the Onyx Engine (via anonymized data)Legitimate interest
Complying with legal and tax obligationsLegal obligation

6. Data Recipients

Your data is accessible only to:

  • Authorized AgentFend Staff: For support and service maintenance.
  • Technical Subprocessors: Providers of hosting, database, and security services.
  • Legal Authorities: Only when required by law or a valid court order.

7. Service Providers and International Transfers

AgentFend relies on third-party providers located outside the European Union (USA/Singapore). These transfers are governed by Standard Contractual Clauses (SCC) to ensure a GDPR-compliant level of protection:

  • Hosting & Frontend: Vercel Inc. (USA).
  • Database & Infrastructure: Supabase Inc. (Singapore / USA).

8. Retention Periods

  • Account Data: For the duration of the account + 12 months after deletion.
  • Scan History (Metadata): 24 months.
  • Raw Submitted Code: 30 days (unless added to the library).
  • Security Logs: 12 months.

9. Your Rights (GDPR)

In accordance with the General Data Protection Regulation, you have the following rights:

  • Right of Access and Rectification.
  • Right to Erasure (Right to be forgotten).
  • Right to Restrict Processing and Right to Object.
  • Right to Data Portability.
  • Right to lodge a complaint with a supervisory authority (such as the CNIL in France).

To exercise these rights, please contact: .

10. Cookies and Tracking

AgentFend uses strictly necessary technical cookies for authentication and session security. We do not use third-party advertising or tracking cookies.

11. Security

We implement rigorous technical measures (TLS encryption, hachage, isolated scan environments) to protect your data. However, as no system is 100% secure, users are advised not to submit highly sensitive personal data within the scripts analyzed.

12. Minors

The AgentFend service is not intended for use by minors under the age of 15 without appropriate legal supervision.

13. Modifications

This policy may be updated to reflect changes in our services or regulations. The most recent version will always be available on the website.

14. Contact

For any questions: