Your store data — products, posts, customers, orders — lives on your WordPress install. We never copy it to our servers in bulk. The agents read it via the WordPress REST API at runtime and discard it once the task completes.

What we do store: agent run logs, performance metrics, optional brain knowledge graph entries you choose to ingest, billing records, and license activations. All of it lives in a Supabase Postgres database in us-east-1.

We use a small number of third-party services. The current list:

• Supabase — database, auth, vector store. us-east-1.
• Vercel — dashboard hosting + edge functions.
• Stripe — payment processing. PCI-DSS Level 1.
• Resend — transactional email (license delivery, alerts).
• Trigger.dev — agent scheduling and durable execution.
• Your chosen AI providers — Anthropic, OpenAI, Google Gemini, MiniMax. You bring your own keys; tokens are sent directly from our infrastructure to theirs.

See the full sub-processor list at openwpagent.com/sub-processors. We'll email you in advance when we add a new one.

You can export every byte of your data from your dashboard at any time. Deletion is permanent and irreversible — we comply with GDPR Article 17 (right to erasure) within 30 days of request.

The marketing site uses no third-party analytics, no Google Analytics, no Facebook pixels, no session recording. The dashboard uses a single first-party Supabase auth cookie for session management.

Privacy questions: privacy@openwpagent.com. We aim to respond within two business days.