Legal

Privacy Policy

Effective June 20, 2026

This Privacy Policy describes how AGAVE Engage ("AGAVE", "we", "us") collects, uses, and shares information when you use the platform. We minimize data collection to what's necessary to operate the service and never sell personal information to third parties.

1. Information we collect

Workspace owners + team members

  • Email address, name, and (optionally) profile photo from your auth provider.
  • Workspace name, slug, branding configuration, and integration credentials you supply.
  • Billing information processed by Stripe (we never see card numbers).
  • Server logs (IP, user agent, timestamp) for security and debugging.

Learners

  • An anonymous identifier stored in a first-party cookie so we can resume sessions.
  • Step interactions (which videos played, which answers were chosen, where the session ended).
  • Information learners voluntarily submit on lead-capture steps (name, email, phone).

2. How we use the information

  • To operate, secure, and improve AGAVE.
  • To send transactional emails (account verification, payment failure, trial-ending reminders, team invitations, lead notifications).
  • To compute usage analytics (anonymous learner counts, course funnel performance).
  • To enforce our Terms of Service and respond to abuse reports.

We do not use your data to train machine-learning models. Any AI-assisted features (question generation, title suggestions) are powered by Anthropic's API via Vercel AI Gateway and run only on the specific content you submit at the moment you trigger them.

3. Sharing

We share data only with subprocessors strictly necessary to deliver the service:

  • Google Firebase — auth, database (Firestore), file storage.
  • Vercel — application hosting and serverless functions.
  • Stripe — payment processing.
  • Resend — transactional email delivery.
  • Mux — video streaming for tenant videos.
  • Anthropic (via Vercel AI Gateway) — optional AI features.

If your workspace connects a CRM (such as GoHighLevel), submitted lead data is forwarded to that CRM under your direction. You control which courses route to which CRM account.

4. Cookies

We use a small number of first-party cookies: an authentication session cookie, an anonymous learner identifier, and a CSRF token. We do not use third-party advertising cookies. Your tenant may add Meta Pixel, TikTok Pixel, or Google Ads tags to its own published courses; those operate under each provider's own policies.

5. Your rights

You may request a copy of your personal data, correction of inaccuracies, or deletion at any time by contacting privacy@agavelms.app. For workspace data, the workspace owner is the controller and owns the deletion request flow.

EU/UK residents: AGAVE serves as the data processor for learner data your workspace collects. We respond to data-subject requests within 30 days and rely on Standard Contractual Clauses for transfers outside the EEA.

6. Retention

  • Active workspace data is retained for as long as your subscription is active.
  • After workspace deletion or 60 days post-suspension, we delete your data except where retention is required by law.
  • Server logs are retained for 30 days.
  • Stripe maintains payment records per its own retention policy.

7. Security

We use TLS for all network traffic, encrypt secrets at rest (AES-256-GCM), enforce per-tenant data isolation at the database layer, and rotate operator credentials regularly. We perform security reviews of significant changes before deploy.

8. Changes

We will post material changes to this Policy on this page and notify workspace owners via email at least 30 days before they take effect.

9. Contact

Questions or requests? privacy@agavelms.app