Legal

Privacy Policy

Last updated: February 18, 2026

Who we are

WorkingAgents is operated by James Aspinwall, based in the United States. When we say "we", "us", or "our" in this policy, we mean WorkingAgents.

What we collect

We keep data collection to a minimum.

  • Contact form submissions. If you reach out through our contact form, we collect the information you provide — typically your name, email address, and message. We use this only to respond to your inquiry.
  • Platform account data. If you sign up for the WorkingAgents platform, we collect the information needed to create and manage your account (email, name, organization). Authentication uses encrypted cookies stored in your browser.
  • Server logs. Our web server records standard access logs (IP address, browser type, pages visited, timestamps). These are used for security monitoring and debugging, not for marketing or profiling.

What we don't collect

  • We do not use Google Analytics or any third-party tracking scripts.
  • We do not use advertising pixels, retargeting, or fingerprinting.
  • We do not sell, rent, or share your personal data with third parties.

External services

This website loads fonts from Google Fonts. When you visit our site, your browser makes a request to Google's servers to load these fonts. Google's privacy policy applies to that request. No other third-party services are loaded on our marketing pages.

Cookies

Our marketing website does not set cookies. If you log into the WorkingAgents platform, we use a single encrypted authentication cookie to maintain your session. This cookie is:

  • HttpOnly (not accessible to JavaScript)
  • Secure (only sent over HTTPS)
  • SameSite=Lax (not sent on cross-site requests)
  • Used solely for authentication — not tracking

Your data on the platform

WorkingAgents is designed so your data stays in your infrastructure. When you use the self-hosted platform, your agent data, tool calls, model requests, and audit logs remain inside your environment. We do not have access to your platform data unless you explicitly grant it for support purposes.

Data retention

  • Contact form data: retained as long as needed to respond to your inquiry, then deleted.
  • Server logs: retained for up to 90 days for security and debugging purposes.
  • Account data: retained while your account is active. Contact us to request deletion.

Your rights

Regardless of where you are located, you can:

  • Request a copy of any personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Withdraw consent for any optional data processing

If you are in the European Economic Area, you have additional rights under GDPR including the right to data portability, the right to restrict processing, and the right to lodge a complaint with your local supervisory authority.

Contact

For privacy-related questions or requests, reach out through our contact page.

Changes

We may update this policy as our practices evolve. Material changes will be noted on this page with an updated date.