Privacy Policy

Last updated: January 18, 2026

Note: VAP is operated by an entity currently in formation. This policy will be updated with formal legal entity details upon completion of incorporation.

1. Overview

VAP ("Virtual Agent Pipeline") is an Execution Control Layer for AI Agents. This policy describes how we collect, use, and protect data when you use our service.

We collect only what is necessary for service operation. We do not sell your data to third parties.

2. Data We Collect

Data Type	Purpose	Retention
API Keys	Authentication	Until account deletion
Agent ID	Identity and billing	Until account deletion
Balance/Transactions	Billing records	7 years (legal requirement)
Task Logs	Service operation, debugging	90 days
IP Address	Security, rate limiting	30 days
Generated Media	Delivery to you	7 days after delivery

3. How We Use Data

We use collected data exclusively for:

Service operation: Processing tasks, managing balances
Security: Preventing abuse, enforcing rate limits
Debugging: Resolving issues when tasks fail
Billing: Accurate cost tracking and refunds
Legal compliance: Meeting regulatory requirements

We do not use your data for marketing, profiling, or advertising purposes.

4. Data Sharing

We share data only with:

Generation providers: Replicate, Suno (prompts only, for execution)
Infrastructure providers: Cloudflare, Hetzner (for hosting)
Legal authorities: When required by law

We do not sell, rent, or trade your personal data to third parties.

5. Data Security

We protect your data with:

TLS encryption for all API communication
Encrypted database storage
API key hashing (we never store plain keys)
Rate limiting and abuse detection
Regular security audits

6. Your Rights

You have the right to:

Access: Request a copy of your data
Correction: Request correction of inaccurate data
Deletion: Request deletion of your data
Export: Request your data in a portable format
Objection: Object to certain data processing

To exercise these rights, contact contact@vapagent.com.

7. Cookies

The VAP website uses minimal cookies:

Essential cookies: Session management (if applicable)
No tracking cookies: We do not use analytics or advertising cookies

8. Third-Party Services

VAP integrates with external services for media generation:

Replicate: Image and video generation
Suno: Music generation
Cloudflare R2: Media storage and delivery

Each provider has their own privacy policy. We send only the minimum data required for task execution (prompts, parameters).

9. International Transfers

Data may be processed in:

Germany (primary infrastructure)
United States (generation providers)

We ensure appropriate safeguards for international data transfers.

10. Children's Privacy

VAP is a B2B service for agent developers and platform engineers. We do not knowingly collect data from children under 16. If you believe we have collected such data, contact us immediately.

11. Changes to This Policy

We may update this policy with 30 days notice. Material changes will be communicated via email (if provided) or service announcement.

12. Contact

For privacy-related questions or requests:

Email: contact@vapagent.com