Privacy Policy

Last Update: April 28, 2026

Introduction

This Privacy Policy explains how Agent Bayes handles personal information in connection with the Services available at https://agentbayes.com, https://app.agentbayes.com, and related subdomains, APIs, and integrations, including the invite-only research application, the marketing website, and the Zotero integration.

Agent Bayes is currently an invite-only, non-commercial private beta. Accounts are provisioned manually by Agent Bayes. There is no public self-service registration. We also operate an early-access form on the marketing website for people who want to request an invitation.

For convenience, we use the term "personal information" to mean information that identifies you or can reasonably be linked to you.

This Privacy Policy is incorporated by reference into the Agent Bayes Terms of Use at https://agentbayes.com/terms and should be read together with it. If you do not agree with this Privacy Policy, please do not use the Services.

1. Scope and Beta Status

This Policy applies to:

  • The marketing website.
  • The authenticated web application.
  • The API.
  • Emails we send about account access, password resets, beta updates, or limited marketing communications.
  • The Zotero integration and other integrations you choose to use with the Services.

Because the Services are in private beta, features and data flows may change. If we make a material change to this Policy, we will update this page and, where appropriate, notify affected users.

2. Information We Collect

2.1. Information You Provide Directly

We may collect information you give us directly, including:

  • early-access information, such as your full name, email address, role, institution, use case, and waitlist or campaign tag.
  • account information, such as first name, last name, username, email address, and password (stored only in hashed form).
  • research workspace information, such as project names and descriptions, knowledge base names and descriptions, document metadata, document tags, labels, bookmarks, annotations, uploaded images, citations, mindmap content, custom instructions, conversation messages, and other edits you make within the Services.
  • documents and files you upload or sync, including PDFs, related metadata, and content imported through integrations such as the Zotero plugin.
  • API access information, such as API key names, expiry settings, and related usage metadata.
  • communications and feedback, such as emails you send us, support requests, bug reports, and beta feedback.

2.2. Information We Generate or Observe When You Use the Services

We may collect or generate operational information such as:

  • login and account events, including last login time, password setup and reset events, account status, and account deletion requests.
  • research activity records, such as knowledge base assignments, mindmap edits history, conversation history, citation associations, AI verification runs, labels, and credit ledger entries.
  • document processing metadata, such as content hashes, file names, file size, page count, processing status, chunking and indexing status, timestamps, and derived metadata needed to run the Services.
  • technical information, such as IP address, user agent, request metadata, timestamps, browser type, error logs, and abuse-prevention or debugging records.

We collect this information to operate the Services, secure accounts, debug failures, prevent abuse, and maintain the state and history features that are core to Agent Bayes.

2.3. Information Stored in Your Browser

The Services also use browser storage for product functionality.

On the marketing website, we use local browser storage to remember limited client-side preferences or states, such as theme preference and whether the early-access form has already been submitted from that browser.

In the authenticated web application, we store access tokens, refresh tokens, basic account state, your preference for staying signed in, where to send you after sign-in, and selected client-side cache entries in local storage or session storage. If you disable browser storage, parts of the Services may not work correctly.

2.4. Information From Integrations

If you use the Zotero integration or another integration we make available, we may receive the content and metadata you choose to sync into Agent Bayes, such as bibliographic metadata and selected files attached to a Zotero item.

3. How We Use Information

We may use personal information to:

  • provide, maintain, and secure the Services.
  • provision invite-only beta accounts and support password setup, login, token refresh, and account recovery.
  • operate research features, including document indexing, OCR and extraction, semantic search, citation tracking, mindmap history, labels, annotations, translation, citation verification, and agent-assisted synthesis.
  • generate and maintain bibliographic records, provenance links, and workspace history.
  • provide API access and track API key lifecycle and usage.
  • send transactional emails, such as password setup, password reset, account access, inactivity, or service notices.
  • send limited beta updates or other communications, and marketing emails where permitted and not opted out.
  • detect, investigate, and prevent abuse, security incidents, fraud, unauthorized access, and violations of the Terms of Use.
  • debug, improve, and evaluate the Services, including private-beta reliability and product development.

4. AI Processing and Research Content

Agent Bayes is a research system. If you upload documents, create mindmaps, run searches, verify citations, translate passages, or ask the agent to synthesize material, your content may be processed by automated systems and external model providers as needed to perform those functions.

This can include processing for OCR, layout-aware extraction, semantic chunking, embedding generation, retrieval, summarization, translation, citation verification, and response generation. We use this processing to operate the features you request. We do not use your information for advertising or cross-context behavioral profiling.

5. How We Share Information

We do not sell your personal information.

We may share information only in the following limited circumstances:

  • with infrastructure and software providers that help us operate the Services, such as cloud hosting, object storage, database, email, and AI or model providers.
  • with integrations you choose to use, to the extent needed to complete the action you requested.
  • with service providers or contractors helping us support, secure, or maintain the private beta under confidentiality obligations.
  • when required to comply with applicable law, legal process, or a valid governmental request.
  • when reasonably necessary to investigate abuse, enforce the Terms of Use, protect the security or integrity of the Services, or protect users or the public from harm.

Current external providers include OpenAI for model, embedding, and related AI processing, and Amazon Web Services for cloud infrastructure, including object storage and email delivery.

6. Cookies and Similar Technologies

The Services are not operated as an advertising-supported site. We do not use Google Analytics, Google AdSense, tracking pixels, or web beacons across the Services, and we do not intentionally use third-party advertising cookies.

The product relies primarily on browser storage rather than login cookies for authenticated web sessions. Some technically necessary cookies or similar headers may still be created by the hosting stack, browser, or future service components, but we do not use them for interest-based advertising.

You can clear local storage, session storage, and cookies through your browser settings, but doing so may sign you out, remove local preferences, or reduce functionality.

7. Data Retention

We keep personal information for different periods depending on what it is and why we need it.

  • Early-access requests are kept while the relevant invitation cycle or beta outreach remains active, unless you ask us to delete them earlier or unsubscribe from future outreach. We delete or anonymize unused early-access submissions within 12 months if the person has not been invited to or onboarded onto the Services.
  • Account information is kept while your account is active.
  • If you request account deletion, your account currently enters a pending-deletion state for 14 days so you can restore it. After that period, we aim to delete or de-identify the account data from active systems, except where we need limited records for security, abuse prevention, audit integrity, or to honor legal obligations.
  • Research workspace data, uploaded files, derived indexes, citations, labels, annotations, mindmap history, and conversation history are generally retained until you delete them, your account is deleted, or the private beta is discontinued. If the beta is discontinued, we will give users reasonable notice and an opportunity to export their data. Because this is a private beta, we do not promise indefinite retention or uninterrupted availability.
  • Password reset data is short-lived. Reset links are issued with a short validity period, and current reset emails state a 15-minute expiry window.
  • API key records are kept until they expire, are revoked, or are no longer needed for security and audit purposes.
  • Operational logs and technical diagnostics are retained only for as long as reasonably needed for security, debugging, abuse prevention, and service reliability.

8. Security and Incident Response

We use reasonable administrative, technical, and organizational measures designed to protect personal information. These measures may include access controls, password hashing, signed tokens, separation between authenticated and public endpoints, and storage controls for uploaded files and derived data.

No internet or storage system is completely secure, and we cannot guarantee absolute security. If we become aware of a data breach affecting personal information, we will investigate it, take reasonable steps to contain and remediate it, and notify affected users and authorities without undue delay when required by applicable law or when we judge it appropriate to do so.

9. Your Choices and Rights

Depending on your relationship with the Services and applicable law, you may have the ability to:

  • access, correct, update, or request a copy of certain account information or personal information we hold about you.
  • request deletion of your account or other personal information.
  • unsubscribe from marketing emails using the unsubscribe link or by contacting us.

Some requests may be limited where we need to protect other users, preserve security, prevent fraud or abuse, keep required records, or maintain the integrity of research history and audit trails.

We do not offer a general privacy-controls page at a public settings URL. For privacy requests, contact us at contact@agentbayes.com.

We do not sell personal information or use it for cross-context behavioral advertising. Agent Bayes does not respond to browser "Do Not Track" signals.

10. International Processing and Israeli Law

Agent Bayes is operated from Israel. Personal information may be processed in Israel and in other countries where our infrastructure or service providers operate, including the United States. Our primary cloud infrastructure is hosted in the us-east-1 AWS region (Northern Virginia).

We handle personal information subject to applicable Israeli law, including the Israeli Privacy Protection Law, 1981, and other applicable privacy and data-security requirements. Where cross-border transfers are involved, we aim to use reasonable contractual and operational safeguards appropriate to the circumstances.

11. Children

The Services are intended for adults. You may not use the Services if you are under 18 years old. If we learn that we have collected personal information from a child under 18, we will take reasonable steps to delete it.

12. Third-Party Links and Content

The Services may link to third-party websites, academic publishers, Zotero, or other services that we do not control. Their privacy practices are governed by their own policies, not this one. If you follow those links or use those services, you do so subject to their terms and policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time, especially as the private beta evolves. When we make material changes, we will update the "Last Update" date above and may provide notice through the Services or by email where appropriate.

14. Contact

If you have questions, requests, or concerns about this Privacy Policy or our handling of personal information, contact us at contact@agentbayes.com.