legal

Privacy Policy

Last updated: May 1, 2026  ·  Effective: May 1, 2026

This Privacy Policy explains how Cognire LLC, a Georgia limited liability company and the parent company that owns and operates the agent14 brand and platform (collectively "Cognire", "agent14", "we", "us"), collects, uses, shares, and protects personal information when you use agent14.online, our dashboard, APIs, and related services (the "Service"). Cognire LLC is headquartered in the State of Georgia, USA. By using the Service you acknowledge the practices described here.

1. Scope

This Policy applies to information we collect about (a) visitors to our website, (b) account holders and their authorized users, and (c) end-users who interact with hosted agents you build on the Service. It does not apply to third-party websites or services that have their own privacy policies.

Controller / Processor. For information about you as a customer or visitor, agent14 is the "controller" (or, in California, "business"). For Customer Content you submit, you are the controller and agent14 acts as your "processor" (or "service provider") under applicable law.

2. Information We Collect

a. Information you provide

  • Account data: name, email address, password (hashed), display name, avatar.
  • Billing data: billing name and address, last four digits of payment card, payment-processor token. Full card numbers are handled by our PCI-DSS compliant processor; we do not store them.
  • Customer Content: the prompts, files, and other inputs you submit, and the AI outputs returned to you.
  • Communications: messages you send to support, survey responses, and marketing preferences.

b. Information collected automatically

  • Device & log data: IP address, browser type, operating system, language, referring URL, pages viewed, timestamps, error logs.
  • Usage data: features used, requests sent, model and token counts, latency, cost metrics, session length.
  • Cookies and similar technologies: see Section 8 below.

c. Information from third parties

  • Identity providers (e.g., Supabase Auth, Google) when you sign in through them.
  • Payment processors (e.g., Stripe) for transaction status.
  • Analytics and security providers for fraud-prevention and bot detection.

3. How We Use Information

We process personal information for the following purposes and on the legal bases noted (where European law applies, the bases are listed in brackets):

  • Provide, operate, secure, and improve the Service [contract; legitimate interests].
  • Authenticate users and prevent fraud, abuse, and security incidents [legitimate interests; legal obligation].
  • Process payments and manage subscriptions [contract; legal obligation].
  • Send transactional communications (e.g., receipts, security alerts, password resets) [contract].
  • Send service updates and, with consent where required, marketing communications [consent; legitimate interests]. You can opt out at any time.
  • Comply with law and respond to lawful requests from authorities [legal obligation].
  • Defend and enforce our legal rights, including the agent14 Terms [legitimate interests].
  • Conduct internal research and analytics in aggregated or de-identified form.

4. AI-Specific Data Practices

Important. Please read. The Service uses third-party AI models. Information you submit may be transmitted to those providers for inference. Do not submit information you are not authorized to share with them.
  • Inference processors. We send Inputs to AI inference providers such as the Lovable AI Gateway, OpenAI, Anthropic, Google, and similar services to generate Outputs. These providers process Inputs only as our service providers.
  • No training on your content by default. We do not use your Inputs or Outputs to train our or any third party's foundation models unless you expressly opt in. Where we have visibility into a provider's settings, we configure them to disable training on Customer Content.
  • Abuse monitoring and safety. Inputs and Outputs may be retained by us or our providers for a limited period for safety, abuse-detection, and legal-compliance purposes (typically up to 30 days, longer where required by law or to investigate an active incident).
  • Hallucinations and accuracy. AI Outputs may be inaccurate, incomplete, or misleading. We do not represent that Outputs are accurate, and we are not responsible for decisions you make based on them. See the Terms, Section 9.
  • No automated decisions with legal effect. agent14 itself does not use personal information to make decisions about you that produce legal or similarly significant effects without human involvement. If you build hosted agents that do, you are responsible for compliance with applicable law (including the FCRA, ECOA, ADA, and state AI laws).
  • Sensitive categories. Do not submit sensitive personal information (e.g., government identifiers, precise geolocation, biometric data, health information, children's data, or information about criminal proceedings) unless you have a documented lawful basis and a separate written agreement with us covering it. The Service is not HIPAA-compliant by default.
  • Synthetic content. If you publish AI-generated content, you may be required by law to disclose that fact. agent14 does not automatically apply provenance metadata; you are responsible for any required watermarking or labeling.

5. How We Share Information

We share personal information only as described below. We do not sell personal information for monetary consideration.

  • Service providers / sub-processors who help us run the Service, including hosting (e.g., Cloudflare), database and auth (Supabase), AI inference (Lovable AI Gateway, OpenAI, Anthropic, Google, Meta WhatsApp), payments (e.g., Stripe), email/SMS delivery, analytics, and security. They may process personal information only on our instructions and under contract.
  • Within your organization or workspace, where applicable.
  • Legal and safety. When we reasonably believe disclosure is required by law, legal process, or to protect the rights, safety, or property of agent14, our users, or others.
  • Business transfers. In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets. We will require the recipient to honor this Policy.
  • With your consent. For any other purpose disclosed at the time of collection.

6. Data Retention

We retain personal information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

  • Account data: for the life of your account plus up to 24 months after deletion (for backup, audit, and dispute purposes).
  • Customer Content: until you delete it or until 30 days after account deletion.
  • Logs: typically up to 90 days for security and operational logs.
  • Billing and tax records: at least 7 years, as required by U.S. tax law.
  • Abuse-monitoring data: typically up to 30 days unless an investigation requires longer retention.

7. Security

We use commercially reasonable administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS), encryption at rest where appropriate, role-based access control, secrets management, audit logging, least privilege, and routine reviews of our service providers. No system is perfectly secure. You are responsible for maintaining the confidentiality of your account credentials.

Breach notification. If we become aware of a breach of unencrypted personal information about a Georgia resident, we will notify you in accordance with the Georgia Personal Identity Protection Act, O.C.G.A. § 10-1-910 et seq., and any other applicable state or federal breach-notification law.

8. Cookies and Tracking

We use first-party cookies and similar technologies to keep you signed in, remember preferences, secure the Service, and measure usage. You can control cookies through your browser settings. We currently honor Global Privacy Control (GPC) signals where applicable. We do not knowingly engage in cross-context behavioral advertising.

9. Your Rights

Depending on where you live, you may have some or all of the following rights:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your personal information, subject to legal exceptions.
  • Port your information in a structured, machine-readable format.
  • Opt out of marketing communications and of any "sale" or "sharing" of personal information for cross-context behavioral advertising (we do not engage in either).
  • Restrict or object to certain processing.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with your local data-protection authority or, in the U.S., your state Attorney General.

Georgia residents. Georgia does not currently have a comprehensive consumer privacy statute, but we extend the access, correction, and deletion rights described above to Georgia residents as a matter of policy. To exercise a right, please submit a request through our contact form from the account you wish to act on. We will verify your identity before responding and will reply within the timeframes required by applicable law (typically 30 to 45 days).

Authorized agents. You may use an authorized agent to submit requests where allowed by law. We may require the agent to provide proof of authorization and may require you to verify your identity with us directly.

Non-discrimination. We will not discriminate against you for exercising any of the rights described in this Policy.

10. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us personal information, please let us know through our contact form and we will delete it promptly. The Service is not COPPA-compliant.

11. International Transfers

agent14 is based in the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the United States and other countries that may have data-protection laws different from those in your country. Where required by law (e.g., GDPR), we rely on appropriate transfer mechanisms such as the EU Standard Contractual Clauses.

12. California Disclosures (CCPA/CPRA)

In the past 12 months we have collected the categories of personal information described in Section 2 (Identifiers, Commercial Information, Internet/Network Activity, Inferences, and Customer Content). We disclose those categories for the business purposes in Section 3 to the categories of recipients in Section 5. We do not sell or share personal information as those terms are defined under the CCPA/CPRA. We do not knowingly collect or sell the personal information of consumers under 16. California residents may exercise access, deletion, correction, opt-out, and limit-use-of-sensitive personal information rights as described in Section 9.

13. Other U.S. State Disclosures

Where the comprehensive privacy laws of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, or other U.S. states apply, we will honor the access, correction, deletion, portability, and opt-out rights described in Section 9. To appeal a denial of a rights request, reply to our denial email and write "Privacy Appeal" in the subject line.

14. Changes to this Policy

We may update this Policy from time to time. If we make a material change we will provide reasonable notice (for example, by updating the "Last updated" date and, where appropriate, by email or in-app notice). Your continued use of the Service after the effective date of the updated Policy constitutes your acceptance.

15. Contact Us

For questions about this Policy or to exercise your rights, please get in touch through our contact form, or write to us by mail at:

Cognire LLC
Attn: Privacy
State of Georgia, USA

See also our Terms of Service.

This document is a template provided as a starting point and is not legal advice. Please have it reviewed and customized by a Georgia-licensed attorney before relying on it.