Legal
Privacy Policy
DapplePot Pvt. Ltd. (“DapplePot”, “we”, “us”) provides a security observability platform for AI agents. This Privacy Policy explains what personal data we handle, why we handle it, and your rights in relation to that data.
1. About this Policy
This Policy covers our website (dapplepot.com), the dashboard (app.dapplepot.com), the DapplePot SDK, and the DapplePot API (api.dapplepot.com). It does not cover third-party LLM providers (such as OpenAI or Anthropic) that you connect to your agent — their own policies govern the data sent to them.
If you have questions about this Policy or how we handle your data, write to founder@dapplepot.com.
2. Our role: controller vs. processor
DapplePot is the controller of:
- account, login, and billing data we collect from you directly; and
- data we collect through our website.
DapplePot is a processor acting on the customer's instructions for:
- all Customer Content sent through the SDK or API (described in §3.3); and
- security findings and risk scores derived from that Customer Content.
The customer is the controller of any end-user data they choose to send through their agent. End-users who want to exercise data subject rights over content the customer sent us should contact the customer first.
3. What we collect
3.1 Account data
Name, work email, password hash, role, tenant membership, login timestamps, and the IP address used to sign in.
3.2 Billing data
Subscriptions are processed by Lemon Squeezy acting as our Merchant of Record. We receive a Lemon Squeezy customer ID, subscription tier, status, and invoice metadata via webhook. We do not see or store card numbers, CVCs, or bank details.
3.3 Customer Content via the SDK and API
When you instrument an agent, the SDK transmits structured event records to the DapplePot API. These records cover:
- LLM call activity — model name, prompts, completions, token counts, latency, and finish reason;
- Tool call activity — tool name, inputs, and outputs;
- Session and node activity — structure, timing, and any optional end-user or end-tenant identifiers you choose to attach;
- Security findings produced in real time — check identifier, severity, and a reference to the originating event.
These records may contain personal data depending on what flows through your agent.
3.4 Derived security data
Findings, signal scores, composite risk scores, and attack-chain detections produced by our security engine. This data is bound to the customer's tenant and derived from §3.3.
3.5 Website data
Standard request metadata generated by our hosting infrastructure for security and operational purposes. We do not use third-party analytics, advertising cookies, or tracking pixels at this time.
3.6 Support correspondence
Email or in-app messages you send us.
4. How we use it
We use the data above to:
- operate the Service — ingest events, run online security checks, produce post-session risk scores, and render the dashboard;
- bill you and meet related tax and accounting obligations;
- send service emails (security alerts, billing, account, policy updates);
- prevent fraud and abuse, and investigate security incidents;
- respond to support requests and improve documentation;
- comply with law.
5. Legal bases (GDPR / India DPDP)
We rely on:
- Performance of contract — to provide the Service and bill you;
- Legitimate interests — security, fraud prevention, service emails, basic operational analytics;
- Consent — where required, including any optional marketing communications;
- Compliance with law — tax records and lawful requests from authorities.
6. Customer control over what is sent
You decide what flows into the SDK before it reaches us. The SDK provides options to:
- scrub common categories of personal data and credentials (such as emails, phone numbers, government identification numbers, payment numbers, IP addresses, and access tokens) using built-in patterns or a custom scrubber you supply;
- redact specific payload keys before events leave your environment;
- sample a fraction of sessions rather than tracing every one.
Refer to the SDK documentation for the current option names and configuration details. Redaction must happen client-side before ingest — we do not retroactively scrub events already received.
7. Sub-processors
We use the following sub-processors to deliver the Service:
| Sub-processor | Purpose | Location |
|---|---|---|
| Google Cloud Platform (GCP) | Hosting, managed infrastructure, and object storage (blog/marketing media and sealed audit archives) | India (asia-south1, Mumbai) |
| Lemon Squeezy | Billing as Merchant of Record | United States |
| Email provider (SMTP / Resend) | Transactional email | United States |
All primary infrastructure — API servers, databases, caches, and object storage — runs on Google Cloud Platform in the asia-south1 (Mumbai) region, operated by DapplePot. We will provide at least 30 days' notice of any material sub-processor change. You can object by terminating the affected Service per our Terms.
8. Data location and international transfers
All Customer Content (§3.3) is processed and stored in Mumbai, India today, on Google Cloud Platform infrastructure (asia-south1) operated by DapplePot. Enterprise customers may negotiate alternative regions in their master agreement.
Where personal data is transferred from the EEA, UK, or other regulated regions to India or to a sub-processor in the United States, we rely on appropriate safeguards — Standard Contractual Clauses with supplementary measures where required — and the India DPDP framework for transfers into India.
9. Retention
| Data | Retention |
|---|---|
| Customer Content in primary event storage | 90 days by default; Enterprise may negotiate |
| Session metadata, security findings, and account records | Life of the tenant |
| Sealed monthly audit archives (Enterprise) | Per contract |
| Backups | Up to 30 days; deleted data is purged from backups within this window |
| Tax and accounting records | Per Indian statutory requirements |
Tenant lifecycle after cancellation or trial expiry:
- Trial: 90 days read-only → 90 days suspended → hard delete (~6 months).
- Pro / Team / Enterprise: 730 days read-only → 90 days suspended → hard delete (~27 months from last payment).
Hard delete removes the tenant's records from our primary databases and event storage, and purges any audit archives held in object storage.
10. Security
- TLS for all API and dashboard traffic;
- Encryption at rest on Google Cloud Platform storage;
- Hashed passwords, short-lived session tokens, and per-tenant SDK keys scoped to a single tenant;
- Tenant isolation enforced throughout the Service so each customer's data is logically separated;
- Least-privilege internal access; cross-tenant access reserved for superadmin staff under audit;
- Sealed monthly audit archives available on Enterprise plans.
No system is perfectly secure. If you suspect a vulnerability, please write to founder@dapplepot.com.
11. Your rights
End-users of a customer's agent
Contact the customer who operates the agent. They control your data and we will support their request.
Account holders (where DapplePot is controller)
Subject to applicable law, you have the right to:
- access the personal data we hold about you;
- correct inaccurate data;
- request deletion;
- request a portable copy;
- restrict or object to certain processing;
- withdraw consent where processing is based on consent;
- lodge a complaint with a supervisory authority (in India, the Data Protection Board once constituted; in the EEA, your local DPA).
Write to founder@dapplepot.com. We respond within 30 days. We may need to verify your identity before acting on a request.
12. Cookies and similar technologies
We use only strictly-necessary cookies and local storage to keep you signed in and to secure the sign-in flow. We do not use advertising, third-party analytics, or tracking cookies at this time. If we add analytics in future, we will update this Policy and show a cookie banner where required.
13. Children
The Service is not directed to anyone under 16, and we do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact founder@dapplepot.com and we will delete it.
14. Data Processing Addendum
A Data Processing Addendum is available on request for customers who require one. Write to founder@dapplepot.com. Enterprise customers under a master agreement receive a DPA as part of that agreement.
15. Changes to this Policy
We will give at least 30 days' notice by email and via the dashboard before material changes take effect. Non-material changes are reflected by updating the “Last updated” date above. The current version is always at dapplepot.com/privacy.
DapplePot