Policy

Privacy.

Last updated: May 18, 2026 · Plain English version below.

The short version

AgenticSource is a search and routing API. We collect the minimum data needed to run the service: your email, your subscription, and per-request usage logs to enforce plan limits and bill correctly. We do not sell, share, or resell your data. You can export it or delete your account at any time.

Below is the long version with the regulatory specificity privacy lawyers expect.

1. Who we are

AgenticSource is operated as a sole proprietorship by Jacob Fussell (the "operator"), reachable at hello@agenticsource.dev. The service operates at agenticsource.dev. This document covers the website, the MCP API, and the dashboard.

2. What we collect

Account data

  • Email address (you provide it; used for sign-in and billing)
  • Subscription status, plan, and renewal dates (synced from Stripe)

Usage data

  • Per-API-call records: timestamp, tool called, response status, latency, source served
  • Aggregated request counts used to enforce monthly quotas

What we don't collect

  • We do not log the content of search results or media we return to you
  • We do not store the queries you send for longer than the cache TTL
  • We do not use cookies for advertising or third-party tracking

3. How we use it

  • Operate the service: serve your API requests, enforce plan limits, return accurate results
  • Bill correctly: reconcile subscription charges and any boost-pack purchases with Stripe
  • Transactional communication: email magic links for sign-in, send receipts, notify you of quota events
  • Improve reliability: aggregated metrics show us which upstream sources are slow or failing

We do not use your data to train models, sell it to third parties, or hand it to anyone outside the operator without your explicit consent or a binding legal order.

4. Who else sees it

We use the following sub-processors, each scoped to a specific function:

  • Cloudflare — Worker hosting, D1 database, KV cache, DNS, edge security. Privacy policy.
  • Stripe — payment processing, subscription billing, tax handling. We never see your full card number. Privacy policy.
  • Resend — transactional email delivery (magic links, receipts). Privacy policy.

Every API call your agent makes also passes through whichever upstream media provider serves the result (Unsplash, Pexels, Pixabay, NASA, Met Museum, Wikimedia, etc.). Those providers see the search query you sent, but not your email or AgenticSource account identifier.

5. Where it lives

Account data and usage logs live in Cloudflare D1 on US-based edge infrastructure. Cache data is in Cloudflare KV at the edge. Email metadata is in Resend (US). Stripe holds payment data per their PCI-compliant infrastructure.

6. How long we keep it

  • Account data: until you delete your account, plus 30 days for any final billing reconciliation
  • Usage logs: 90 days, after which they are aggregated and the per-request records purged
  • Magic-link tokens: 15 minutes (then expired and never reused)
  • Cache entries: 24 hours to 30 days depending on the asset type

7. Your rights

You can, at any time and without justification:

  • Export your data by emailing hello@agenticsource.dev
  • Delete your account via the dashboard or by emailing us
  • Correct any data we hold that is wrong
  • Object to processing for any specific purpose (we will stop unless we have an overriding legal basis, which we don't anticipate)

Residents of California, the EU, and UK have the same rights under CCPA, GDPR, and UK GDPR respectively. We will respond to verified requests within 30 days.

8. Security

All traffic to AgenticSource is TLS-encrypted. API keys are stored as SHA-256 hashes — we cannot recover a key if you lose it. Magic-link tokens are one-time-use and short-lived. We never log secret values. The operator account uses a unique strong password and 2FA.

If we discover a breach affecting your data, we will notify you within 72 hours via the email on your account.

9. Children

AgenticSource is a developer tool. It is not directed at anyone under 13, and we do not knowingly collect data from anyone under 13. If you believe a minor has signed up, email hello@agenticsource.dev and we will delete the account.

10. Changes

If we change this policy materially, we will email everyone with an active account at least 14 days before the change takes effect. Minor edits (typos, clarifications) will be reflected here with an updated "last updated" date.

11. Contact

Questions, requests, or anything else: hello@agenticsource.dev. We read every message.