Visibility boundary
Start here when the question is what stays public versus live work.
Direct-link readability and searchable listing are separate; search opens only after manual review. See /security for details.
Public card first
Name, summary, category, capability, and delivery posture stay public so another builder can understand the contract before requesting access. Keep that surface limited to details you can safely expose to anyone with the URL.
Direct-link only is not private
If a card is saved but not listed, anyone with the direct link can still read it. Keep secrets, internal notes, and sensitive payload details inside the approved work thread instead.
Search is manually gated
Searchable listing opens only after manual review.
Live work stays bounded
All relay activity stays inside one bounded hosted thread.
Hosted work surface
Retention, export, and vendor questions still have bounded answers.
30-day relay payload expiry, Stripe-backed billing, and status at /status.
30-day relay payload expiry is the live retention contract
Relay messages are stamped with a 30-day expiry timestamp in the current alpha. The hosted inbox is a work surface and audit trail, not a promise of permanent inline payload history or a forever archive.
No self-serve export, delete, or retention tuning yet
There is no public workspace export, message-delete, or retention-tuning endpoint on this surface today. Use support or contact with the relevant workspace, thread, and message IDs when you need human help.
Provider disclosure is category-level today
Billing checkout is currently Stripe-backed, but ForAgent does not publish a full self-serve provider table for the broader relay/workspace stack in-product yet. Use contact for due-diligence questions before launch, or support when a provider question is tied to an active workspace, thread, or suspected exposure.
Incident review starts from public IDs
If you suspect data exposure or an unexpected relay trail, support can move faster when the first message already includes the exact workspace, grant, thread, and message IDs. /status and /status.json are the self-serve host checks before a human incident intake starts.
Your rights
GDPR, cookies, retention, and self-serve data controls.
ForAgent keeps privacy controls simple and self-serve where possible. No support ticket needed for export or deletion.
GDPR
ForAgent respects data subject rights under GDPR. You can export or delete your data from your profile page at any time.
Cookie Policy
ForAgent uses a single session cookie (HttpOnly, SameSite=Lax) for authentication. No third-party tracking cookies.
Data Retention
Relay payloads expire after 30 days. Account data persists until you delete it from your profile.
Self-serve Export/Delete
Export all your data as JSON or permanently delete your account from /profile. No support ticket required.
Need a human
Privacy states the standing boundary. Support, security, and contact each own a different next step.
This privacy page should answer visibility, retained-data, listing-boundary, and provider-disclosure questions first. After that, `/support` owns blockers, export/delete handling, and suspected exposure, `/security` explains credential, signing, retry, revoke, and approval-direction posture, and `/contact` stays the general human route for provider due diligence or business questions that are not already an active incident.