1. Introduction
This Privacy Policy explains how Tyga.Cloud Ltd (Company No. 14643275), trading as AgenticUptime, ("we", "us", "our") collects, uses, stores, and discloses personal data when you use the AgenticUptime website at agenticuptime.com and the AgenticUptime agent-native infrastructure monitoring platform, including our API, dashboard, documentation, and related services (collectively, the "Service").
By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
Our registered office is: Ground Floor, Unit 2 Mallard Court, Mallard Way, Crewe Business Park, Crewe, Cheshire, England, CW1 6ZQ.
2. Applicability — Controller vs. Processor
When we are the Controller: We act as the data controller for personal data we collect directly from you, such as your account information, billing details, API key metadata, and usage data. We determine the purposes and means of processing this data to provide and improve the Service.
When we are the Processor: When you connect your infrastructure to the Service for monitoring, we act as a data processor on your behalf. You (or your organisation) are the data controller for any monitoring data collected from your servers and services. We process this monitoring data solely to provide the Service in accordance with your instructions and our Terms of Service. We do not access, inspect, or analyse the content of your monitored infrastructure beyond what is required to deliver monitoring, alerting, anomaly detection, and remediation capabilities, or as required by law.
If you are using AgenticUptime on behalf of an organisation, that organisation is the controller of any personal data processed through monitoring of its infrastructure, and you should refer to your organisation's privacy policy for how that data is handled.
3.1 Account Information
When you create an account, we collect:
- Email address
- Name (if provided)
- Organisation name (if provided)
- Account credentials (passwords are hashed and salted; we never store plaintext passwords)
3.2 Billing Information
When you subscribe to a paid plan or pass the $1 verification gate, we collect payment information via our payment processor, Stripe. We do not store full credit card numbers on our servers. Stripe processes and stores your payment details in accordance with PCI-DSS standards. We receive and store:
- Stripe customer ID
- Last four digits of your card
- Card brand and expiration date
- Billing address
- Subscription status and plan details
3.3 Monitoring Data
When you connect your infrastructure to the Service, we collect and process monitoring data from your servers and services. This data is collected by our monitoring agents and stored on our infrastructure to provide the Service. Monitoring data includes:
- Server health metrics (CPU, memory, disk, network)
- Response times and latency measurements
- Uptime and downtime events
- Alert history and notification logs
- Anomaly detection data and patterns
- Auto-remediation logs and action history
- Agent context data (h-context) — per-service-instance persistent memory used by monitoring agents for diagnostics and trend analysis
3.4 API Keys
We generate and store API keys that authenticate your access to the Service. API keys follow the format au_<plan>_<tenant>_<hex>. We store:
- API key identifiers and hashed key values
- Key creation timestamps and last-used timestamps
- Key permissions and scopes
- Associated account and organisation metadata
3.5 Usage Data
We automatically collect usage data when you interact with the Service, including:
- API request logs (endpoint, method, timestamp, response status, latency)
- Dashboard interaction events (page views, feature usage)
- Conductor round activity (orchestration cycles, expert agent invocations)
- Expert agent activity logs (analysis requests, recommendations generated)
- IP addresses used to access the API and dashboard
- Browser type and version (for dashboard access)
4. How We Use Information
We use the information we collect for the following purposes:
- Providing the Service: To create and manage your account, monitor your infrastructure, authenticate API requests, process payments, and deliver metrics, alerts, and dashboards.
- Generating Alerts: To detect anomalies, trigger alerts based on your configured thresholds, and notify you of infrastructure issues via your preferred channels.
- Running Conductor Rounds: To orchestrate expert agent analysis of your infrastructure health, generate diagnostic insights, and produce actionable recommendations.
- Anomaly Detection: To analyse monitoring data patterns, identify deviations from baseline behaviour, and surface potential issues before they cause outages.
- Auto-Remediation: To execute approved remediation actions when issues are detected, log all actions taken, and report outcomes.
- Billing and Payments: To process subscription payments, generate invoices, enforce plan limits, and manage the $1 card verification process.
- Security: To detect and prevent fraud, abuse, and unauthorised access. To enforce rate limits, monitor for anomalous activity, and protect the integrity of the platform.
- Operational Communication: To send transactional emails (account verification, password resets, billing receipts, infrastructure alerts) via our email processor, tygaemail.com.
- Improving the Service: To analyse aggregate usage patterns, diagnose technical issues, optimise performance, and develop new features.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes, and to enforce our Terms of Service.
We do not sell your personal data. We do not use your personal data for behavioural advertising. We do not use the content of your monitoring data for any purpose beyond providing the Service.
We share personal data only in the following circumstances:
- Stripe: We share billing information with Stripe, our payment processor, to process payments and manage subscriptions. Stripe's privacy policy is available at stripe.com/privacy.
- tygaemail.com: We share email addresses with our transactional email service to deliver account and service notifications.
- Buggazi: If you submit a bug report or support request, relevant technical details may be processed through our bug tracking platform, Buggazi.
- Hetzner: Our infrastructure is hosted on Hetzner servers (US East region, with EU availability). Hetzner provides the physical and network infrastructure but does not have access to application-level data.
- DeepSeek / Ollama (AI Providers): Our conductor and expert agents use AI language models (DeepSeek and self-hosted Ollama instances) for infrastructure analysis, anomaly detection, and diagnostic reasoning. We do not send personally identifiable information to these providers. Only anonymised, aggregated monitoring metrics and technical context are transmitted for analysis.
- A2A Infrastructure: Agent-to-agent (A2A) communication undergoes safety evaluation. No personal data is transmitted through A2A channels; only infrastructure telemetry and operational commands are processed.
- Legal Requirements: We may disclose personal data if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Tyga.Cloud Ltd, our users, or others.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of the transaction. We will notify affected users of any such change.
We do not share personal data with third parties for their marketing purposes.
6. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal data, please contact us at dpo@tyga.cloud.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete personal data.
- Erasure: Request deletion of your personal data, subject to legal retention obligations.
- Restriction: Request that we restrict processing of your personal data in certain circumstances.
- Portability: Request your personal data in a structured, commonly used, machine-readable format.
- Objection: Object to processing of your personal data for certain purposes.
- Withdraw Consent: Where processing is based on consent, withdraw that consent at any time.
To exercise any of these rights, contact us at dpo@tyga.cloud. We will respond within 30 days (or the applicable statutory period). We may ask you to verify your identity before processing your request.
8. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encryption in transit (TLS) for all API and dashboard connections
- Encryption at rest for persistent storage
- Tenant isolation — each tenant's monitoring data is logically separated with dedicated credentials and access controls
- API key authentication with hashed storage
- Rate limiting and anomaly detection
- Regular security reviews and updates
- Access controls limiting employee access to personal data on a need-to-know basis
No system is completely secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your API keys and account credentials.
9. International Transfers
Our primary infrastructure is hosted on Hetzner servers in the US East region. EU hosting is available for customers who require it. If you are located outside the United States, your data may be transferred to and processed in the United States.
Where we transfer personal data from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we rely on appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, to ensure that your personal data is protected.
Tyga.Cloud Ltd is incorporated in England and Wales. Our processing activities are subject to UK data protection law, including the UK GDPR and the Data Protection Act 2018.
10. EU/UK GDPR Rights
If you are located in the European Economic Area or the United Kingdom, the following additional provisions apply:
Legal Bases for Processing: We process your personal data on the following legal bases:
- Contract Performance (Article 6(1)(b)): Processing necessary to provide the Service you have requested, including account creation, infrastructure monitoring, API authentication, and billing.
- Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate interests, including platform security, fraud prevention, service improvement, and aggregate analytics. We balance these interests against your rights and freedoms.
- Legal Obligation (Article 6(1)(c)): Processing necessary to comply with legal obligations, such as tax and accounting requirements.
- Consent (Article 6(1)(a)): Where we rely on consent, you may withdraw it at any time.
Data Retention: We retain personal data for as long as your account is active or as needed to provide the Service. After account deletion, we may retain certain data for up to 90 days for backup and recovery purposes, and longer where required by law (e.g., billing records for tax compliance). API request logs are retained for the period specified by your plan (up to 1 year for Pro and Enterprise plans).
Data Protection Officer: You may contact our Data Protection Officer at dpo@tyga.cloud.
Supervisory Authority: You have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.
11. CCPA Disclosures
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information.
Categories of Personal Information Collected:
- Identifiers: Email address, name, IP address, API key identifiers.
- Commercial Information: Subscription plan, billing history, payment method details (last four digits only).
- Internet/Network Activity: API request logs, dashboard usage data, browser information.
- Professional Information: Organisation name (if provided).
Sale of Personal Information: We do not sell personal information as defined by the CCPA. We have not sold personal information in the preceding 12 months.
Your CCPA Rights:
- Right to Know: You may request the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You may request deletion of your personal information, subject to exceptions permitted by law.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise your CCPA rights, contact us at dpo@tyga.cloud. We will verify your identity before processing your request.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on this page with a revised effective date. For material changes that significantly affect your rights, we will also notify you via the email address associated with your account.
Your continued use of the Service after the effective date of a revised Privacy Policy constitutes acceptance of the updated terms.
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Data Protection Officer: dpo@tyga.cloud
- General Support: support@agenticuptime.com
- Post: Tyga.Cloud Ltd, Ground Floor, Unit 2 Mallard Court, Mallard Way, Crewe Business Park, Crewe, Cheshire, England, CW1 6ZQ
- Company No: 14643275