Catalyst
Legal

Privacy Policy

Last updated: July 2, 2026

This page explains what Catalyst Agent Solutions collects, why, and what we do with it. The short version: we collect what we need to run your agents and bill you, we don't sell any of it, and the most sensitive things you give us are encrypted and never shown to anyone, including the agents themselves.

What we collect

Account basics. Your name, email, and company details. Passwords are stored hashed; we can't read them.

Onboarding answers and files. What you tell us about your workflows, plus any documents or spreadsheets you upload so your agent can work with them.

Connection credentials. When you connect a tool through its sign-in page, the provider gives us an access token. We encrypt it and keep it server-side. It's never sent to your browser and never handed to the agent; the agent asks our backend to act, and the backend checks permissions first.

Activity records. An audit log of what your agents and team members do in the portal. That log exists for you; it's how you check what happened and when.

Billing. Handled by Stripe. We see your subscription status and invoices. We never see or store your card number.

What we do with it

We use your information to run the service: configure your agents, execute the workflows you've approved, show you what happened, answer support questions, and send you invoices. That's the list.

We don't sell your data, we don't rent it to advertisers, and we don't use your business data to train AI models.

Who else touches your data

A few service providers, each for a specific job: Stripe for payments, an email delivery service for things like team invites, our hosting provider for running the platform, and AI model providers that process prompts when your agent runs. Your prompts go to a model provider so the agent can think; your stored credentials do not.

We'll hand over data if the law genuinely requires it, and we'll tell you when we're allowed to.

How we protect it

Traffic is encrypted in transit. Connection tokens and API keys are encrypted at rest with keys that live only on the server. Access inside the platform is scoped per account: your data is filtered to your account on every read and write, and admin actions require admin access. Sensitive agent actions sit behind your approval, and everything lands in the audit log.

How long we keep it

For as long as your account is active. Close your account and you have 30 days to ask for an export; after that we delete your data, keeping only what we're legally required to hold. Revoking a connected account deletes its stored token immediately.

Your choices

You can edit your account details in settings, disconnect or revoke any connected tool whenever you want, cancel your subscription from the billing page, and email us to get a copy of your data or have it deleted. None of those require a phone call or a retention specialist.

Scope

This is a business tool. It isn't directed at children, and you have to be old enough to form a contract to use it. If we make a meaningful change to this policy, we'll email you before it takes effect.

Anything unclear? Ask us: hello@catalystagents.com.