Privacy Policy
This policy explains what we collect, why, how we protect it, and the choices you have. Tunneler is built to reference your secrets, not hoard them.
1. Who we are
Tunneler ("Tunneler", "we", "us") provides governed social-identity infrastructure for AI agents. For privacy questions, contact privacy@tunneler.ai.
2. Information we collect
| Category | Examples | Why |
|---|---|---|
| Account | Email address, authentication identifiers | Create and secure your account (via our auth provider) |
| Workspace data | Identities you register, guardrail policies, drafts, approvals | Operate the product for you |
| Connected sessions | Browser session cookies you capture for accounts you own | Let your agents read and act on your accounts |
| Activity | Action ledger: what was proposed, the guardrail verdict, outcomes, evidence | Audit, safety, and your own records |
| Billing | Plan, subscription status, customer ID (held by our payment processor) | Subscriptions and invoicing |
| Technical | Logs and basic diagnostics | Reliability and security |
3. How session data is protected
- Encrypted at rest. Captured session cookies are encrypted with AES-256-GCM before storage. We store a reference to your session, not a plaintext copy in our application data.
- Tenant isolation. Your data is scoped to your workspace and enforced at the database layer with row-level security.
- In transit. Connections are protected with TLS.
- Least exposure. Sessions are used to operate your accounts under your guardrails; they are not sold or shared for advertising.
4. How we use information
We use information to provide and secure the service, evaluate guardrails, maintain your audit log, process payments, communicate with you about the service, and meet legal obligations. We do not sell your personal information.
5. Service providers (subprocessors)
| Provider | Purpose |
|---|---|
| Supabase | Authentication and Postgres database |
| Stripe | Payments and subscription billing |
| Cloud hosting / container provider | Running the API and browser workers |
6. Retention
We keep workspace and audit data while your account is active. You can disconnect a session at any time, which removes the stored credentials for that identity. On account closure we delete or anonymize data within a reasonable period, except where retention is required by law.
7. Your rights
Depending on where you live, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise them, contact privacy@tunneler.ai.
8. Cookies
We use the minimum cookies needed to keep you signed in and run the app. We do not use third-party advertising cookies.
9. Changes
We may update this policy; material changes will be posted here with a new "last updated" date.