Powering Personalized Threat Intelligence

Last udpated

Privacy Policy

AgentCypher is a cybersecurity threat-intelligence service operated by N of 1, LLC ("N of 1," "we," "us," or "our"), an Indiana limited liability company. This policy describes the personal information we collect through our website at agentcypher.ai and through the AgentCypher service, how we use and share that information, where it is stored, and the rights you have over it.

We review this policy at least once a year and whenever we make a material change to how we handle data. The review date above reflects the most recent review.

Who this policy covers

AgentCypher is a business-to-business product. We deal with two groups of people:

  • Website visitors — anyone who browses agentcypher.ai.

  • Authorized users — employees or contractors of a customer organization who hold credentials to the AgentCypher service.

Most of the personal information in this policy is standard business-contact data. The threat-intelligence data that customers submit to the service ("Customer Data") is governed by our subscription agreement and Data Processing Agreement, summarized below under "Customer Data."

Privacy contact

N of 1 is headquartered in Indiana, United States. If you have questions about this policy, want to exercise your privacy rights, or have a complaint, contact our privacy team:

  • Email: privacy@agentcypher.ai

  • Mail: N of 1, LLC, [STREET ADDRESS, CITY, STATE, ZIP]

  • Privacy contact: [NAME / TITLE]

If you are in the European Economic Area or the United Kingdom and believe we have not resolved your concern, you may also contact your national data protection authority.

Personal information we collect and how we use it

We collect personal information in three ways: you give it to us, we collect it automatically when you use our website or service, and we sometimes receive it from third parties.

Information you give us. When you contact us, request a demo, or sign up as a user, we collect business-contact details: name, job title, employer name, work email, work phone number, and work address. We use this to respond to you, provision accounts, deliver and support the service, and send service-related communications.

Information from third parties. We may receive additional business or industry details about you from third parties, including professional networks such as LinkedIn. This typically adds context about your employer or role.

We do not sell personal information. We share it only with the providers that help us deliver the service, as described under "How we share information."

Use of the website

Our public site is built and hosted on Framer, which provides basic analytics about how visitors use the site, such as page views and general traffic patterns. This may include information like IP address, the general region your device connects from, browser type, and the pages you view. We use it to understand which pages visitors find useful and to maintain and improve the site. We have a legitimate interest in understanding how visitors use the site so we can improve our products and support.

Cookies and tracking

Our site uses only the cookies and similar technologies needed to run it and to provide Framer's analytics. Where required by law, we ask for your consent to non-essential cookies and let you decline them, and you can also control cookies through your browser settings.

Customer Data and the AgentCypher service

When an authorized user runs an investigation, the service processes the inputs the user submits and the conversation history, and it stores the results so the user can return to them. Customer Data may include network telemetry, vulnerability scan data, system configuration data, threat-intelligence inputs, and the content of queries and generated reports.

As between us and the customer, the customer owns its Customer Data. We process it only to provide and operate the service, to perform support and security functions, to meet legal obligations, and to generate de-identified, aggregated analytics that cannot identify any customer or individual. Our handling of Customer Data, including deletion and security commitments, is set out in the customer's subscription agreement and Data Processing Agreement, which control over this policy for personal data contained in Customer Data.

How AI processing works and our no-training commitment

AgentCypher uses third-party AI models to run investigations. Conversation context leaves our environment to two model destinations, split by job:

  • Agent reasoning goes directly to Anthropic (the Claude API) using our own API key, with no third-party relay.

  • Summarization and compaction go through OpenRouter to Google Gemini models.

We do not train, fine-tune, or benchmark any AI or machine-learning model on Customer Data without the customer's express written consent. Our model providers are bound by the same restriction on the paths data travels: Anthropic's paid-API terms prohibit training on inputs and outputs; the summarization path routes only to paid Google models whose terms prohibit training on inputs and outputs, with OpenRouter's training opt-out enabled. This commitment is also written into our subscription agreement.

The service also calls external threat-intelligence sources during an investigation (a curated cyber-news corpus searched through Qdrant, the Pulsedive threat-intelligence feeds, and Brave web search). Users can see, for each query, which tools ran and which sources the answer came from.

How we share information

We share personal information and Customer Data only with the providers needed to deliver the service. Our subprocessors are:

Provider

Purpose

Framer

Public website hosting and analytics

Amazon Web Services (US-East-2)

Application hosting

Supabase

Database (PostgreSQL) storage

Frontegg

Identity, authentication, SSO, MFA, and SCIM

Anthropic

AI model for agent reasoning

OpenRouter

AI routing for summarization

Google

Gemini AI models (via OpenRouter) for summarization

Qdrant Cloud

Vector search over the cyber-news corpus

Pulsedive

Threat-intelligence feeds

Brave

Web search

A current subprocessor list is available on request, and customers receive advance notice before we add a subprocessor with access to Customer Data, as set out in the subscription agreement.

Apart from these providers, we do not disclose your personal information to others for their own use unless: you request or authorize it; it is required to comply with law (for example, a subpoena or court order), to enforce an agreement, or to protect the rights, property, or safety of N of 1, our users, or others; it goes to our vendors or service providers acting on our behalf; or it is needed to address an emergency or a legal claim. We may share aggregated, non-identifying data for analytics and research.

The website may connect to third-party services such as LinkedIn. If you interact with those services through our site, their own privacy policies apply.

International data transfers

N of 1 is based in the United States, and the information we collect is processed in the United States. By using the service, you understand that your information will be processed in the U.S. The United States has not received an adequacy finding from the European Union under Article 45 of the GDPR. Where we transfer personal data from the EEA or the UK, we rely on appropriate safeguards under Article 46, including Standard Contractual Clauses, and on the cross-border transfer terms in our Data Processing Agreement. We update these mechanisms as the law changes.

Your privacy rights

Depending on where you live, you may have rights over your personal information. Under the GDPR these include the right to be informed; to access your data; to have it corrected; to have it erased; to restrict or object to processing; to data portability; and rights related to automated decision-making and profiling. Under the California Consumer Privacy Act (CCPA/CPRA) you have the right to know what we collect, to access and delete it, to correct it, and to opt out of any sale or sharing for cross-context behavioral advertising. We do not sell personal information.

To exercise any of these rights, email privacy@agentcypher.ai. We provide reasonable access at no cost and will respond within the timeframe required by applicable law. If we cannot meet a request, we will explain why. Where a request concerns personal data inside Customer Data, we will refer the request to the relevant customer and assist them in responding.

Security of your information

We maintain a written information security program with administrative, technical, and physical safeguards. Specific measures include:

  • Encryption in transit using TLS 1.2 or higher, and encryption at rest using AES-256.

  • Tenant isolation enforced at the database layer through PostgreSQL Row-Level Security, so one customer cannot access another customer's data.

  • Identity verification at the service edge and again at the data layer, with SSO, MFA, and SCIM available through our identity provider.

  • Role-based access controls limiting employee access to data to those with a documented business need, multi-factor authentication for administrative access, and background screening where permitted by law.

No system is perfectly secure, but we work to protect your information consistent with these standards and with our SOC 2 program.

Data storage and retention

Your personal data is stored on our servers and on the cloud database services we use, located in the United States. We retain service data for as long as the customer relationship continues and for a period afterward for our own operations and for archival purposes. We retain prospect data until it no longer has business value, then purge it.

In-flight investigation events are short-lived: they live in process for no more than 30 minutes and are then discarded. Persisted conversation history and exports are kept as described in the customer's agreement.

We delete a customer's data in full on written request, including conversations, documents, scheduled queries, and usage records. This commitment is recorded in our Data Processing Agreement and order form. For questions about storage, retention, or deletion, contact privacy@agentcypher.ai.

Children's data

The service is intended for business use. We do not knowingly collect information from children, and we do not direct the service to children.

Region-specific disclosures

This policy is intended to meet the disclosure requirements of the GDPR (EEA and UK) and the CCPA/CPRA (California). If you are subject to another privacy law and need region-specific information, contact privacy@agentcypher.ai.

Changes to this policy

We update this policy as our practices change and review it at least once a year. When we make a material change, we will update the effective date above and, where appropriate, notify customers. The current version is always available at agentcypher.ai/privacy.

Questions, concerns, or complaints

To ask a question, raise a concern, or exercise your rights, contact us:

  • Email: privacy@agentcypher.ai

  • Mail: N of 1, LLC, [STREET ADDRESS, CITY, STATE, ZIP]

AgentCypher

TM

AgentCypher is a premium threat intelligence agent that searches over 100+ sources and integrates your tech stack, sector, and security posture into every investigation, resulting in personalized intelligence specific to what you actually defend.

Links

Home

Features

404

Info

Blog

LinkedIn

Legal

Privacy policy

Terms of Service

@2025 AGENTCYPHER. All Rights Reserved.