Privacy Policy

Effective date: March 24, 2026 · Last updated: March 24, 2026

1. Introduction

Welcome to isol8. isol8 Inc. (“isol8,” “we,” “us,” or “our”) operates an AI agent hosting platform that provides users with dedicated, isolated containers for running AI agents. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform and services.

By accessing or using isol8, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of our services.

2. Information We Collect

We collect the following categories of information:

• Account Information: When you create an account, we collect your name, email address, and authentication credentials through our identity provider, Clerk. This includes your user ID and profile metadata.
• Usage Data: We collect information about how you interact with the platform, including session activity, feature usage, API call frequency, and container resource consumption.
• Agent Interaction Data: Messages you send to and receive from your AI agents, agent configuration settings, installed skills, and workspace files stored within your isolated environment.
• Billing Information: Payment details are collected and processed by Stripe. We store your Stripe customer ID, subscription tier, and usage-based billing records. We do not directly store credit card numbers.
• Technical Data: IP addresses, browser type, device information, and connection metadata required to maintain your WebSocket sessions.

3. How We Use Your Information

We use the information we collect to:

• Provide and operate the service: Provision your dedicated containers, maintain WebSocket connections, execute agent interactions, and deliver platform functionality.
• Process billing: Calculate usage-based charges, manage subscriptions, process payments through Stripe, and maintain accurate billing records.
• Improve the platform: Analyze aggregate usage patterns to improve performance, reliability, and user experience. We use anonymized and aggregated data for this purpose.
• Ensure security: Detect and prevent fraud, abuse, and unauthorized access to your account and containers.
• Communicate with you: Send service-related notifications, respond to support requests, and provide important updates about your account or our policies.

4. Data Storage & Security

We take the security of your data seriously and employ industry-standard measures to protect it:

• Infrastructure: Our platform runs on Amazon Web Services (AWS) infrastructure, leveraging their enterprise-grade physical and network security controls.
• Encryption at rest: All stored data, including database contents, file system volumes, and secrets, is encrypted at rest using AWS KMS-managed encryption keys.
• Encryption in transit: All data transmitted between your browser and our servers, and between internal services, is encrypted using TLS.
• Per-user isolation: Each user receives a dedicated, isolated container environment on AWS ECS Fargate. Your agent workspaces are stored on dedicated EFS access points, ensuring complete separation from other users’ data.
• Secrets management: Sensitive credentials and API keys are stored using AWS Secrets Manager with envelope encryption.

5. AI & Agent Data

Your interactions with AI agents are treated with special care:

• Conversation storage: Agent conversations are stored within your per-user isolated workspace. Only you (and authorized platform systems required for operation) can access this data.
• No model training: Your agent conversations, workspace files, and interaction data are not used to train, fine-tune, or improve any AI or machine learning models. Your data remains yours.
• User control: You retain full control over your agent data. You can view, manage, and delete agent memory, conversation history, and workspace files at any time through the platform interface.
• LLM inference: When your agents use AI models, prompts are sent to the inference provider (e.g., AWS Bedrock) for real-time processing only. These providers process requests under their enterprise terms, which prohibit using your data for model training.

6. Third-Party Services

We rely on the following third-party services to operate our platform. Each has its own privacy policy governing data handling:

• Clerk — Authentication, user identity management, and session handling.
• Stripe — Payment processing, subscription management, and usage-based billing.
• Amazon Web Services (AWS) — Cloud infrastructure, container orchestration, file storage, and secrets management.
• AWS Bedrock — Large language model inference for AI agent capabilities, operating under AWS’s enterprise data processing terms.

We do not sell your personal information to any third party.

7. Data Retention

We retain your personal information for as long as your account remains active and as needed to provide our services. Specifically:

• Active accounts: Your data, including agent workspaces, conversation history, and configuration, is maintained for the duration of your account.
• Account deletion: When you delete your account, we initiate deletion of your personal data, agent workspaces, container resources, and associated records. This process is completed within 30 days, except where retention is required by law.
• Billing records: Transaction and billing records may be retained for up to 7 years as required for tax, legal, and accounting compliance.
• Aggregated data: Anonymized, aggregated usage statistics that cannot identify individual users may be retained indefinitely for analytics purposes.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of any inaccurate or incomplete personal data.
• Deletion: Request deletion of your personal data and account, subject to legal retention requirements.
• Data export: Request a portable copy of your data, including agent configurations and workspace files.
• Restriction: Request restriction of processing of your personal data in certain circumstances.
• Objection: Object to processing of your personal data for specific purposes.

To exercise any of these rights, please contact us at privacy@isol8.co. We will respond to your request within 30 days.

9. Cookies & Tracking

We use a minimal set of cookies and similar technologies:

• Authentication tokens: Session cookies managed by Clerk to keep you signed in and secure your account.
• Essential cookies: Cookies strictly necessary for platform functionality, such as connection state and user preferences.

We do not use third-party advertising trackers, social media tracking pixels, or cross-site analytics cookies. We do not participate in ad networks or sell tracking data.

10. Children’s Privacy

isol8 is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected data from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at privacy@isol8.co.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by updating the “Last updated” date at the top of this page and, where appropriate, provide additional notice via email or an in-app notification.

We encourage you to review this Privacy Policy periodically. Your continued use of isol8 after any changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@isol8.co
• Company: isol8 Inc.

We are committed to resolving any privacy concerns promptly and transparently.