Your store data — products, posts, customers, orders — lives on your WordPress install. We never copy it to our servers in bulk. The agents read it via the WordPress REST API at runtime and discard it once the task completes.

What we do store: agent run logs, performance metrics, optional brain knowledge graph entries you choose to ingest, billing records, and license activations. All of it lives in a Supabase Postgres database in us-east-1.

We use a small number of third-party services. The current list:

• Supabase — database, auth, vector store. us-east-1.
• Vercel — dashboard hosting + edge functions.
• Stripe — payment processing. PCI-DSS Level 1.
• Resend — transactional email (license delivery, alerts).
• Trigger.dev — agent scheduling and durable execution.
• Your chosen AI providers — Anthropic, OpenAI, Google Gemini, MiniMax. You bring your own keys; tokens are sent directly from our infrastructure to theirs.

See the full sub-processor list at openwpagent.com/sub-processors. We'll email you in advance when we add a new one.

When you connect a social media account to OpenWPAgent — Facebook, Instagram, LinkedIn, TikTok, Threads, X, Pinterest, and other supported platforms — we receive an OAuth access token from that platform. We use the token solely to publish posts you have composed in our dashboard to your own connected account. We store the token encrypted at rest in Supabase (us-east-1) and never share it with third parties. You can disconnect at any time from your dashboard, which immediately revokes our access.

For each connected platform, we may also read your basic profile info (display name, profile photo, follower count) for display in our dashboard, and read engagement data (likes, comments) on posts you have published through us.

You can export every byte of your data from your dashboard at any time. Deletion is permanent and irreversible — we comply with GDPR Article 17 (right to erasure) within 30 days of request.

The marketing site uses no third-party analytics, no Google Analytics, no Facebook pixels, no session recording. The dashboard uses a single first-party Supabase auth cookie for session management.

Privacy questions: privacy@openwpagent.com. We aim to respond within two business days.