Legal

Privacy Policy

Last updated: April 26, 2026

This page describes how Inhouse Agents (a Lopie Dev product) collects and uses information on the marketing site at inhouseagents.ai and the customer console at app.inhouseagents.ai. Self-host customers run the software on their own infrastructure — most data flows described below do not apply to that deployment.

1. What we collect

Marketing site (inhouseagents.ai):

  • Form submissions — when you fill the lead form: your name, work email, company (optional), and the free-text field describing what you'd like to automate.
  • Analytics — Google Analytics 4 records anonymized page views, referrers, and rough geography. We do not collect names, emails, or IP addresses through analytics. Analytics fire only after you accept cookies.
  • Cookies — a small first-party cookie stores your consent choice. Google Analytics sets _ga and _ga_DC96VJK0NW cookies only after you accept.

Customer console (app.inhouseagents.ai):

  • Account credentials — username and a hashed password.
  • Session cookies — JWT cookies that sign you in for the duration of your session.
  • OAuth tokens for any tools you connect (Google, Microsoft, Salesforce, Slack, HubSpot). Tokens are encrypted at rest with AES-256-GCM.
  • Operational data — agent prompts, transcripts, tool-call logs, cost metrics. Used to operate the service and surface in your dashboard.

2. How we use it

  • Respond to leads, schedule demos, and process subscriptions.
  • Operate the customer console: agent execution, integrations, observability.
  • Email transactional notices (sign-in, password reset, account state changes).
  • Improve the product — diagnose bugs, measure feature usage in aggregate.

We do not sell your data, share it with advertisers, or use it to train AI models.

3. Subprocessors

The following third parties process limited data on our behalf:

  • Amazon Web Services (AWS) — hosts the marketing site and customer console (us-east-1).
  • GoHighLevel — CRM for marketing leads (US-hosted).
  • Google Analytics 4 — anonymized site analytics (after consent only).
  • TidyCal — meeting booking when you click "Book a demo".
  • Google Workspace — email infrastructure for our team's mailboxes.

Each subprocessor has its own privacy and security posture. EU residents: the named services involve cross-border data transfers to the United States.

4. Retention

  • Lead form submissions — kept until you ask for deletion or for 7 years, whichever comes first.
  • Analytics — Google Analytics retains user-level data for 14 months by default.
  • OAuth tokens — retained until you disconnect the integration in the console.
  • Operational logs — 30 days for active customers; 7 days after account closure.
  • Self-host deployments — retention is entirely up to you. We do not retain any data from self-hosted instances.

5. Your rights

You can request:

  • Access — a copy of the data we hold on you.
  • Correction — fix inaccurate information.
  • Deletion — remove your account and any associated marketing data.
  • Opt-out — withdraw analytics consent, unsubscribe from marketing emails.

Email privacy@inhouseagents.ai and we'll respond within 30 days.

6. Security

We use industry-standard practices: TLS 1.3 in transit, AES-256-GCM at rest for sensitive data, OAuth scope minimization, and per-tenant isolation on the customer console. See our Security page for the full posture.

7. Changes to this policy

If we materially change this policy, we'll notify customers by email and update the "Last updated" date above. Marketing-only visitors will see the change reflected here.

8. Contact

Questions or requests: privacy@inhouseagents.ai.

This Privacy Policy is provided as transparency on our practices. It is not legal advice. We will update it if a future legal review identifies gaps.