Privacy Policy

Last updated: February 2026

1. Overview

TameFlare ("we", "us") is a source-available control plane for AI agent governance, licensed under the Elastic License v2 (ELv2). This policy describes how we handle your data.

2. Your Data

TameFlare stores your gateway configurations, policies, audit logs, and account information. Credentials stored in the vault are encrypted at rest (AES-256-GCM). Your agent's HTTP traffic is routed through the cloud gateway at proxy.tameflare.com and forwarded to upstream APIs.

3. Data We Process

If you interact with our website or purchase a subscription, we may collect:

  • Account information - email address, name, and hashed password when you create an account.
  • Usage data - action counts, agent counts, and feature usage for billing and analytics. We do not inspect the content of your action specs or parameters.
  • Website analytics - first-party privacy-friendly analytics (Plausible). No third-party trackers, no session replay, no ad tracking. We collect anonymous page views and referrer data to improve the product.

4. Data Security

Connector credentials (Slack tokens, GitHub PATs, Stripe keys) stored in TameFlare are encrypted at rest using AES-256-GCM when a SETTINGS_ENCRYPTION_KEY is configured. Agent authentication keys (used to authenticate agents with the TameFlare API) are stored as one-way bcrypt hashes. Decision tokens use ES256 (ECDSA P-256) cryptographic signatures.

5. Third-Party Services

TameFlare integrates with third-party services (GitHub, Slack) only when you explicitly configure those integrations. With the CLI credential path, credentials are stored locally on your machine. With the dashboard wizard, credentials are encrypted and stored on TameFlare infrastructure (EU). Webhook callbacks are sent to your specified URLs.

6. Data Retention

Audit log retention depends on your plan (Starter: 30 days, Pro: 90 days, Team: 1 year, Enterprise: custom). Session data and expired nonces are purged automatically. You can export your audit log as CSV at any time from the dashboard.

7. Contact

For privacy-related questions, contact us at info@tameflare.com.