★ Privacy

Privacy Policy

Last updated: 29 May 2026. Effective immediately for all users.

This policy explains what Agentville collects, why, where it lives, and what you can do about it. We try to keep it short and plain. If something is unclear, write to privacy@fuselink.app and we will explain in person.

Our standing promises

Four commitments sit above everything else in this policy. They are how the product is built, not marketing:

• Mascots never see your raw keys. When you connect a service, the access token is encrypted and used through our gateway. The AI itself never receives your credentials.
• Sensitive actions ask first. Anything that leaves your village or cannot be undone, like sending an email or sharing a file, waits for your tap before it happens.
• We never train on your data. Your quests, receipts, and memory are never used to train AI models, ours or anyone else's.
• One village, one person. Your village is yours alone. There is no shared access and no mixing of data between people.

Who runs Agentville

The app and the service behind it are operated by Fuse Link Inc., a Delaware corporation. Fuse Link Inc. is the data controller for the purposes of GDPR and equivalent laws. You can reach us at privacy@fuselink.app for any privacy-related question.

What we collect

We collect only what we need to run quests for you and to keep the service safe. Specifically:

• Account. Your email address, and if you sign in with Apple or Google, the identifier returned by that provider. If you start as a guest, we issue an anonymous user ID until you choose to sign in.
• Onboarding answers. The preferences you set the first time you open the app, so your village starts in the right shape.
• Quests and receipts. Every quest you drop, the text of your prompt, the mascot that took it, and the result they return. We call the result a "receipt" and we keep it so you can read it again later.
• Memory. Facts your mascots are asked to remember between quests, like "I am vegetarian" or "my partner's name is Sam." You can review and delete these at any time from the village.
• Connector data. When you connect a service like Gmail, Slack, Notion, Google Calendar, or Google Drive, we read only what the quest needs and only with the OAuth scope you approved. We do not store raw emails, messages, or files. We store the receipt of what the mascot did and a pointer back to the source.
• Voice input. If you record a voice memo for a quest, we transcribe it to text. The audio is processed and not retained after transcription.
• Device. A push notification token so we can tell you when a mascot finished, plus basic device information (model, OS version, app version) to debug crashes.
• Payments. Apple App Store, Google Play Store, and RevenueCat handle the transaction. We see that you bought something and which entitlement applies. We do not see card numbers or billing addresses.
• Usage analytics. We log screen views and product events (quest dropped, receipt opened, etc.) to PostHog. These are aggregated and do not include the content of your quests or receipts.

How we use it

• Run quests. Send your prompt to the right mascot, give them the tools and memory they need, return a receipt.
• Keep your village alive. Persist your wallet, mascots, history, and preferences so they are there next time you open the app.
• Notify you. Push and in-app notifications when a quest finishes or needs your input.
• Improve the product. Aggregated analytics to learn which mascots help most and which surfaces confuse people. We do not train models on your quest content.
• Protect the service. Detect abuse, rate-limit misuse, and meet legal obligations.

Who we share with

We share data with a small set of service providers, only as needed to run Agentville:

• Google Cloud (Frankfurt and US regions). Hosts our application servers and database.
• Frontier AI model providers. Process the content of a quest to generate your mascot's work. They are contractually barred from training on your data and operate under limited-retention terms.
• Firebase. Handles authentication and push notifications.
• RevenueCat. Routes in-app purchases and tracks your subscription entitlement.
• PostHog. Stores aggregated product analytics.
• The shops you connect. When you authorize Gmail, Slack, Notion, Google Calendar, Google Drive, or any future connector, the mascot you assign will read from those services under your OAuth grant. Each provider has its own privacy policy and you can revoke our access from your account on their side at any time.

We do not sell your data. We do not use your quest content to train third-party models. We do not run advertising and we do not share data with ad networks.

Where data lives

Our primary region is Frankfurt (Google Cloud europe-west3). For users outside the EU we may also use US regions. We use TLS everywhere in transit. OAuth tokens for connector services are stored encrypted in Google Cloud Secret Manager.

How long we keep it

• Account and profile: until you delete your account.
• Quest history and receipts: up to 24 months, or until you delete them.
• Memory: until you delete the entries or your account.
• Connector OAuth tokens: until you disconnect the service or your account is deleted.
• Push tokens and device records: rotated as your device changes; deleted with the account.
• Aggregated analytics: up to 12 months.
• Backups: rolled forward on a 30-day cycle.

Your rights

Wherever you live, you can do the following from within Agentville or by writing to privacy@fuselink.app:

• See what we have. Request a copy of your data in a machine-readable form.
• Correct it. Fix anything wrong in your profile, memory, or receipts.
• Delete it. Delete your account and everything tied to it. We honor this within 30 days.
• Move it. Export your receipts and memory for use elsewhere.
• Revoke a connector. Disconnect any shop at any time. This stops new reads immediately.
• Object. Object to processing for product analytics. We will switch you to a privacy-preserving mode that records nothing beyond what is needed to deliver the service.

EU and UK residents can additionally file a complaint with their local data protection authority. For Germany, that is the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

Security

We protect your data with industry-standard measures: TLS in transit, encryption at rest, principle-of-least-privilege access for our team, secret rotation, single-flight OAuth refresh, and audit logging on sensitive operations. No system is unbreakable, but if we ever discover a breach that affects you, we will notify you within 72 hours of discovery as required by GDPR.

Children

Agentville is not directed at children under 16. If you are under 16, please do not use the app. If you are a parent or guardian and believe a child has registered, contact us and we will delete the account.

International transfers

If you use Agentville from outside the EU, some of your data may be processed in the United States by our service providers. We rely on Standard Contractual Clauses and the EU-US Data Privacy Framework where applicable to keep your data protected under European standards.

Changes to this policy

If we change anything material, we will notify you in the app and update the date at the top of this page. Continued use of Agentville after a material change means you accept the new policy.

Contact

Fuse Link Inc.
Email: privacy@fuselink.app
General: oz@fuselink.app

← Back to the village