Privacy Policy
Last updated: 2026-06-06 · Service: agents.biab.cloud
agents.biab.cloud. Have a lawyer or a service like
Termly review before treating it as binding.
1. Who runs this service
agents.biab.cloud is operated by the same legal entity as biab.cloud (the "Platform"). Contact for privacy questions: privacy@biab.cloud.
2. What data we hold about you
- Account identity — email, display name, the username we derive from your email (becomes your subdomain).
- Cluster metadata — pod name, provisioning status, creation date, custom domains you've connected.
- Workspace files — every file you create or edit in
your in-browser IDE is stored on encrypted block storage on our
infrastructure, and mirrored as a private git repo at
gitlab.biab.cloud/tenants/<your-username>/<app>. - Agent settings — your LLM provider choice (Ollama or OpenRouter), the API key you supplied (stored encrypted at rest), and the model you selected.
- Deletion history — when you delete a cluster, we record the deletion timestamp + the username + the email that owned it so we can enforce the post-delete cooldown.
- Operational logs — request method + path + status code + IP, kept for at most 30 days for abuse investigation. We do NOT log request or response bodies.
3. What we do NOT do
- We do not train AI models on your code or chat with the agents.
- We do not sell your data, share it with advertisers, or use it for profiling.
- We do not read your workspace files except when you explicitly ask support to do so.
4. Third-party processors (sub-processors)
We use a small number of services to run agents.biab.cloud. The complete list — what they process and where they're located — is at /legal/sub-processors.html. By far the most relevant: the LLM provider you yourself select. When you submit a prompt to an agent, that prompt + the surrounding code context leaves our infrastructure and goes to OpenRouter or your Ollama endpoint, governed by their privacy policy.
5. Your rights (GDPR / similar)
- Access + portability (Article 15 + 20) — download
every record we hold about you as JSON at
GET /api/me/exportwhile logged in. Your workspace files live in your own git repos; clone with your existing credentials. - Erasure (Article 17) — the "Delete cluster" button on your dashboard wipes the entire tenancy: namespace, agents, workspaces, custom domains, per-app git repos, encrypted settings, and every DB row tied to you. Click and confirm with your username.
- Restriction + objection — email privacy@biab.cloud and we'll respond within 30 days.
- Complaint — you can lodge a complaint with your local data protection authority. For EU users that's the authority of the member state where you live or work.
6. How long we keep your data
Active accounts: for as long as the account is active. Deleted accounts: immediately wiped, except the deletion_history row (username + email + timestamp) which is retained for 12 months to enforce the abuse cooldown and detect repeat misuse. Operational logs: 30 days.
7. Where your data lives
All workloads and storage run on dedicated infrastructure in Germany (Hetzner, Falkenstein). We do not replicate data outside the EU.
8. Security
All connections are TLS-encrypted. Per-user secrets (LLM keys, etc.) are stored as SOPS-encrypted manifests in our gitops repo with the private decryption key kept off-cluster in two off-line locations. See our security policy for details.
9. Changes to this policy
We'll post material changes to this page with a new "Last updated" date. For account-bound changes (e.g. a new sub-processor) we'll email you at least 30 days in advance.
← Back to agents.biab.cloud