What we store, where it lives, and who can see it. Beta version — short, scannable, and honest. We'll publish a longer GDPR-flavoured document before we open public signup.
Email and a password hash to sign you in. The agent configs you set up in the dashboard, including any provider API keys you paste — those are encrypted at rest. Your agent's conversation history and logs live inside your VM's /data overlay disk; we don't pull them out into a central store.
Provider keys (OpenAI, Anthropic, OpenRouter, etc.) and Telegram / Slack tokens are not stored in our database. They flow from the wizard straight into your VM's persistent disk (at /data/.env) and never enter our logs, audit trail, or backups in plaintext. The dashboard keeps a "…last4"-style preview so the Configure form can show which fields are set.
One exception: Discord bot tokens. Our Discord relay holds an open gateway socket for your bot 24/7 — including while your VM is paused — so the Discord-side fields are stored encrypted (AES-256-GCM) and decrypted in memory only when the relay needs to forward an event.
Stored in your VM's persistent disk. Cagebox operators do not read them as a matter of course. We have admin access to the underlying host for support and incident response — we will not poke at your data unless you ask us to, and we'll tell you when we do.
The only third parties that see your agent's prompts are the LLM providers you configure (OpenAI, Anthropic, and so on). Those calls leave your VM under your API key, on your terms. We don't share, sell, or hand off your data to anyone else.
Billing is handled by Stripe. When you subscribe, your card details are entered on Stripe-hosted pages and never touch our servers — we only receive a Stripe customer id, the plan you picked, and the subscription status (active / trialing / past_due / canceled). PCI-DSS compliance is inherited from Stripe. Invoices and saved payment methods are managed through Stripe's customer portal, which you can open from the Billing page.
One strictly-necessary cookie keeps you signed in. For understanding how the site is used we run Cloudflare Web Analytics, which is cookieless and stores no personal data, and Google Analytics 4 in Google Consent Mode. Until you make a choice in the cookie banner — or if you select “Necessary only” — Google Analytics receives only anonymous, cookieless signals (no identifiers, used solely for aggregate visit counts). Only after you select “Accept all” do we set Google Analytics cookies that measure your session in full. We use no advertising pixels and share no data for ad targeting. You can change your choice any time by clearing site data.
Email support@cagebox.dev and we will wipe your account and your agent overlay disks within 7 days. You can also destroy individual agents from the dashboard at any time — that removes the overlay immediately.