Privacy Policy

Last updated: March 3, 2026

1. Who We Are

AgentNative provides managed wallets and virtual cards for AI agents via Stripe Issuing. Contact us at hello@agentnative.sh.

2. What Data We Collect

We collect the minimum data required to provide our service:

• Account data: Name and email address when you create an account or join the waitlist.
• API usage data: API key usage timestamps, request metadata (not request bodies).
• Wallet data: Wallet names, spending limits, and configuration you set via the API.
• Transaction data: Transaction amounts, merchant names, merchant categories, and authorization status — received from Stripe via webhooks.

3. What We Do NOT Collect

• Card numbers, CVCs, or PINs. All card data is handled exclusively by Stripe. We never store, process, or have access to full card numbers. Your agents receive card details directly from Stripe's PCI-compliant infrastructure.
• Browsing behavior or tracking cookies. Our landing page does not use analytics cookies or third-party trackers.

4. How We Use Your Data

• To create and manage wallets and virtual cards on your behalf via Stripe Issuing.
• To enforce spending controls (daily/monthly limits, merchant restrictions) you configure.
• To send decline notifications when a card transaction is declined.
• To communicate with you about your account and our service.

5. Third-Party Services

We use the following third-party services that process your data:

• Stripe (stripe.com) — Payment infrastructure, card issuing, and PCI-compliant card data handling. Stripe's privacy policy: stripe.com/privacy.
• Vercel (vercel.com) — Website hosting. Processes server logs and request metadata.
• Railway (railway.app) — API hosting and database. Processes API requests and stores wallet/transaction data.
• Resend (resend.com) — Email notifications. Processes email addresses for decline notifications.

6. Data Retention

We retain your account and transaction data for as long as your account is active. Waitlist email addresses are retained until the waitlist is no longer needed. You may request deletion of your data at any time by emailing hello@agentnative.sh.

7. Data Security

All data is transmitted over HTTPS/TLS. Database access is restricted to our application servers. API keys are stored as SHA-256 hashes — we cannot recover your API key if you lose it. Card data never touches our servers — it is handled end-to-end by Stripe.

8. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

• Access, correct, or delete your personal data.
• Restrict or object to processing.
• Data portability — receive your data in a machine-readable format.
• Withdraw consent at any time.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, email hello@agentnative.sh.

9. Changes

We may update this policy as our service evolves. Material changes will be communicated via email to account holders. The "last updated" date at the top reflects the most recent revision.