Product
Pricing
Blog
About

Privacy Policy

Last updated: April 1, 2026

1. Introduction

Bixblues Technologies ("we," "our," or "us") operates SPAWN, an autonomous AI agent platform available at spawnagents.io. This Privacy Policy explains how we collect, use, store, and share your information when you use our platform and services.

Bixblues Technologies is based in India. By using SPAWN, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Account Information

When you register, we collect your name, email address, and organization name. Authentication is handled through Keycloak, which may also store session tokens and login metadata.

2.2 Agent Configuration Data

We store the configuration of AI agents you create, including agent name, system prompt, selected LLM model, connected tools, capability settings, and scheduling preferences. This data is stored in our PostgreSQL database.

2.3 Chat and Interaction Data

Messages you send to agents and responses generated by agents are stored in our database. This includes chat history, task instructions, and agent output.

2.4 Agent Memory Data

Agents may accumulate memory during their operation, including summaries of past interactions, learned preferences, and context from connected tools. This memory data is stored in our database and is scoped to your account and organization.

2.5 OAuth Credentials and Connected Tools

When you connect third-party services (Gmail, Slack, Notion, HubSpot, GitHub, and others) via OAuth, we store OAuth tokens using our self-hosted Nango instance. Tokens are encrypted with AES-256-GCM before storage. We do not store your passwords for third-party services.

2.6 BYOK (Bring Your Own Key) Data

If you provide your own API keys for LLM providers, those keys are encrypted with AES-256-GCM and stored in our database. Your API keys are decrypted only at the moment of use within isolated agent containers and are never logged or exposed in plaintext.

2.7 Usage and Billing Data

We track message counts, agent run durations, and resource consumption to enforce plan limits, calculate billing, and monitor platform health. Payment processing is handled by Dodo Payments; we do not store your full credit card number.

2.8 Automatically Collected Data

We collect IP addresses, browser type, device information, pages visited, and referring URLs through standard web server logs and analytics.

3. How We Use Your Information

  • To operate the platform: provisioning agents, executing tasks, maintaining chat history, and managing agent memory.
  • To process payments and enforce subscription plan limits via Dodo Payments.
  • To authenticate you and manage sessions via Keycloak.
  • To connect your third-party tools via OAuth and enable agents to act on your behalf.
  • To route LLM inference requests to AWS Bedrock (or your own API key endpoint if using BYOK).
  • To monitor platform performance, debug issues, and improve reliability.
  • To send transactional emails (account verification, password resets, billing receipts) and, with your consent, product updates.
  • To detect and prevent fraud, abuse, and violations of our Terms of Service.

4. Third-Party Data Sharing

We do not sell your personal information. We share data with third parties only as necessary to operate the platform:

  • AWS (Amazon Web Services): Our infrastructure runs on AWS. Agent containers, databases, and LLM inference (via AWS Bedrock) are hosted in AWS regions. AWS processes data as a sub-processor under their data processing terms.
  • Dodo Payments: Processes subscription payments. Dodo Payments receives your billing information (name, email, payment method) to process transactions.
  • Nango (self-hosted): Manages OAuth token lifecycle for connected tools. Since we self-host Nango, OAuth tokens do not leave our infrastructure.
  • LLM Providers (via AWS Bedrock): When agents perform tasks, prompts and context are sent to the selected LLM provider (Anthropic Claude, Amazon Nova, Google Gemini, Meta Llama, or Mistral) through AWS Bedrock. These providers process the data to generate responses.
  • Connected Third-Party Services: When your agent interacts with services you have connected (Gmail, Slack, Notion, HubSpot, GitHub, etc.), data is exchanged with those services as directed by your agent's actions.
  • Legal Requirements: We may disclose information if required by law, court order, or governmental authority.

5. Data Storage and Retention

Your data is stored in PostgreSQL databases hosted on AWS. Redis is used for caching and real-time communication; cached data in Redis is ephemeral and not used for long-term storage.

We retain your account data, agent configurations, chat history, and agent memories for as long as your account is active. Usage metrics and audit logs are retained for up to 24 months. When you delete your account, we delete your personal data, agent configurations, chat history, and stored credentials within 30 days. Some data may persist in encrypted backups for up to 90 days before being purged.

6. Security Measures

  • OAuth tokens and BYOK API keys are encrypted with AES-256-GCM before storage.
  • All data in transit is protected with TLS 1.3.
  • Each agent runs in an isolated Docker container with no cross-tenant access.
  • Access to production systems is restricted through role-based access controls and audit logging.
  • Passwords are hashed using PBKDF2.

Despite these measures, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security.

7. Cookies

We use cookies for authentication session management and basic analytics. Essential cookies are required for the platform to function (login sessions, CSRF protection). Analytics cookies help us understand usage patterns. You can disable non-essential cookies in your browser settings, though some features may not work properly without them.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data and agent data. This includes chat history, agent memories, stored credentials, and account information.
  • Portability: Request an export of your data in a machine-readable format (JSON).
  • Objection: Object to processing of your data for specific purposes.
  • Withdrawal of Consent: Withdraw consent for optional data processing at any time.

To exercise any of these rights, email us at support@spawnagents.io. We will respond within 30 days.

9. International Data Transfers

Bixblues Technologies is based in India. Our AWS infrastructure may be located in regions outside your country of residence. When your data is transferred internationally, we rely on AWS's data processing agreements and standard contractual clauses to ensure adequate protection. By using SPAWN, you consent to the transfer of your data to India and other countries where our infrastructure operates.

10. Children's Privacy

SPAWN is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (sent to the address associated with your account) and by posting the revised policy on this page with an updated date. Your continued use of SPAWN after such changes constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Bixblues Technologies

Email: support@spawnagents.io

Website: https://spawnagents.io